(root)/mandos/release
» Revision
110
(compared to revision 237.7.763)
: plugins.d/password-request.c
To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
« back to all changes in this revision
Viewing changes to plugins.d/password-request.c
- browse files at revision 110
- compare with another revision
- download diff
- download tarball
- view history from revision 110
- Committer: Teddy Hogeborn
- Date: 2008-08-29 05:53:59 UTC
- Revision ID: teddy@fukt.bsnet.se-20080829055359-wkdasnyxtylmnxus
* mandos.xml (EXAMPLE): Replaced all occurences of command name with
"&COMMANDNAME;".
* plugins.d/password-prompt.c (main): Improved some documentation
strings. Do perror() of
tcgetattr() fails. Add debug
output if interrupted by signal.
Loop over write() instead of
using fwrite() when outputting
password. Add debug output if
getline() returns 0, unless it
was caused by a signal. Add
exit status code to debug
output.
* plugins.d/password-prompt.xml: Changed all single quotes to double
quotes for consistency. Removed
<?xml-stylesheet>.
(ENTITY TIMESTAMP): New. Automatically updated by Emacs time-stamp
by using Emacs local variables.
(/refentry/refentryinfo/title): Changed to "Mandos Manual".
(/refentry/refentryinfo/productname): Changed to "Mandos".
(/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
(/refentry/refentryinfo/copyright): Split copyright holders.
(/refentry/refnamediv/refpurpose): Improved wording.
(SYNOPSIS): Fix to use correct markup. Add short options.
(DESCRIPTION, OPTIONS): Improved wording.
(OPTIONS): Improved wording. Use more correct markup. Document
short options.
(EXIT STATUS): Add text.
(ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
(FILES): REMOVED.
(BUGS): Add text.
(EXAMPLE): Added some examples.
(SECURITY): Added text.
(SEE ALSO): Remove reference to mandos(8). Add reference to
crypttab(5).
"&COMMANDNAME;".
* plugins.d/password-prompt.c (main): Improved some documentation
strings. Do perror() of
tcgetattr() fails. Add debug
output if interrupted by signal.
Loop over write() instead of
using fwrite() when outputting
password. Add debug output if
getline() returns 0, unless it
was caused by a signal. Add
exit status code to debug
output.
* plugins.d/password-prompt.xml: Changed all single quotes to double
quotes for consistency. Removed
<?xml-stylesheet>.
(ENTITY TIMESTAMP): New. Automatically updated by Emacs time-stamp
by using Emacs local variables.
(/refentry/refentryinfo/title): Changed to "Mandos Manual".
(/refentry/refentryinfo/productname): Changed to "Mandos".
(/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
(/refentry/refentryinfo/copyright): Split copyright holders.
(/refentry/refnamediv/refpurpose): Improved wording.
(SYNOPSIS): Fix to use correct markup. Add short options.
(DESCRIPTION, OPTIONS): Improved wording.
(OPTIONS): Improved wording. Use more correct markup. Document
short options.
(EXIT STATUS): Add text.
(ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
(FILES): REMOVED.
(BUGS): Add text.
(EXAMPLE): Added some examples.
(SECURITY): Added text.
(SEE ALSO): Remove reference to mandos(8). Add reference to
crypttab(5).
- files added:
- initramfs-tools-hook-conf
- files removed:
- .bzr-builddeb
- debian
- debian/po
- debian/source
- debian/tests
- debian/upstream
- dracut-module
- network-hooks.d
- plugin-helpers
- files renamed:
- plugins.d/mandos-client.c => plugins.d/password-request.c
- plugins.d/mandos-client.xml => plugins.d/password-request.xml
- files modified:
- .bzrignore
added
removed
plugins.d/password-request.c
1
1
/* -*- coding: utf-8 -*- */
2
2
/*
3
* Mandos-client - get and decrypt data from a Mandos server
3
* Mandos client - get and decrypt data from a Mandos server
4
4
*
5
5
* This program is partly derived from an example program for an Avahi
6
6
* service browser, downloaded from
9
9
* "browse_callback", and parts of "main".
10
10
*
11
11
* Everything else is
12
* Copyright © 2008-2019 Teddy Hogeborn
13
* Copyright © 2008-2019 Björn Påhlsson
14
*
15
* This file is part of Mandos.
16
*
17
* Mandos is free software: you can redistribute it and/or modify it
18
* under the terms of the GNU General Public License as published by
19
* the Free Software Foundation, either version 3 of the License, or
20
* (at your option) any later version.
21
*
22
* Mandos is distributed in the hope that it will be useful, but
12
* Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
13
*
14
* This program is free software: you can redistribute it and/or
15
* modify it under the terms of the GNU General Public License as
16
* published by the Free Software Foundation, either version 3 of the
17
* License, or (at your option) any later version.
18
*
19
* This program is distributed in the hope that it will be useful, but
23
20
* WITHOUT ANY WARRANTY; without even the implied warranty of
24
21
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
25
22
* General Public License for more details.
26
23
*
27
24
* You should have received a copy of the GNU General Public License
28
* along with Mandos. If not, see <http://www.gnu.org/licenses/>.
25
* along with this program. If not, see
26
* <http://www.gnu.org/licenses/>.
29
27
*
30
* Contact the authors at <mandos@recompile.se>.
28
* Contact the authors at <mandos@fukt.bsnet.se>.
31
29
*/
32
30
33
31
/* Needed by GPGME, specifically gpgme_data_seek() */
34
#ifndef _LARGEFILE_SOURCE
35
32
#define _LARGEFILE_SOURCE
36
#endif /* not _LARGEFILE_SOURCE */
37
#ifndef _FILE_OFFSET_BITS
38
33
#define _FILE_OFFSET_BITS 64
39
#endif /* not _FILE_OFFSET_BITS */
40
34
41
35
#define _GNU_SOURCE /* TEMP_FAILURE_RETRY(), asprintf() */
42
36
43
37
#include <stdio.h> /* fprintf(), stderr, fwrite(),
44
38
stdout, ferror() */
45
#include <stdint.h> /* uint16_t, uint32_t, intptr_t */
39
#include <stdint.h> /* uint16_t, uint32_t */
46
40
#include <stddef.h> /* NULL, size_t, ssize_t */
47
#include <stdlib.h> /* free(), EXIT_SUCCESS, srand(),
48
strtof(), abort() */
49
#include <stdbool.h> /* bool, false, true */
50
#include <string.h> /* strcmp(), strlen(), strerror(),
51
asprintf(), strncpy(), strsignal()
52
*/
53
#include <sys/ioctl.h> /* ioctl */
41
#include <stdlib.h> /* free(), EXIT_SUCCESS, EXIT_FAILURE,
42
srand() */
43
#include <stdbool.h> /* bool, true */
44
#include <string.h> /* memset(), strcmp(), strlen(),
45
strerror(), asprintf(), strcpy() */
46
#include <sys/ioctl.h> /* ioctl */
54
47
#include <sys/types.h> /* socket(), inet_pton(), sockaddr,
55
48
sockaddr_in6, PF_INET6,
56
SOCK_STREAM, uid_t, gid_t, open(),
57
opendir(), DIR */
58
#include <sys/stat.h> /* open(), S_ISREG */
49
SOCK_STREAM, INET6_ADDRSTRLEN,
50
uid_t, gid_t */
51
#include <inttypes.h> /* PRIu16 */
59
52
#include <sys/socket.h> /* socket(), struct sockaddr_in6,
60
inet_pton(), connect(),
61
getnameinfo() */
62
#include <fcntl.h> /* open(), unlinkat(), AT_REMOVEDIR */
63
#include <dirent.h> /* opendir(), struct dirent, readdir()
64
*/
65
#include <inttypes.h> /* PRIu16, PRIdMAX, intmax_t,
66
strtoimax() */
67
#include <errno.h> /* perror(), errno, EINTR, EINVAL,
68
EAI_SYSTEM, ENETUNREACH,
69
EHOSTUNREACH, ECONNREFUSED, EPROTO,
70
EIO, ENOENT, ENXIO, ENOMEM, EISDIR,
71
ENOTEMPTY,
72
program_invocation_short_name */
73
#include <time.h> /* nanosleep(), time(), sleep() */
53
struct in6_addr, inet_pton(),
54
connect() */
55
#include <assert.h> /* assert() */
56
#include <errno.h> /* perror(), errno */
57
#include <time.h> /* time() */
74
58
#include <net/if.h> /* ioctl, ifreq, SIOCGIFFLAGS, IFF_UP,
75
59
SIOCSIFFLAGS, if_indextoname(),
76
60
if_nametoindex(), IF_NAMESIZE */
77
#include <netinet/in.h> /* IN6_IS_ADDR_LINKLOCAL,
78
INET_ADDRSTRLEN, INET6_ADDRSTRLEN
79
*/
80
61
#include <unistd.h> /* close(), SEEK_SET, off_t, write(),
81
getuid(), getgid(), seteuid(),
82
setgid(), pause(), _exit(),
83
unlinkat() */
84
#include <arpa/inet.h> /* inet_pton(), htons() */
85
#include <iso646.h> /* not, or, and */
62
getuid(), getgid(), setuid(),
63
setgid() */
64
#include <netinet/in.h>
65
#include <arpa/inet.h> /* inet_pton(), htons */
66
#include <iso646.h> /* not, and */
86
67
#include <argp.h> /* struct argp_option, error_t, struct
87
68
argp_state, struct argp,
88
69
argp_parse(), ARGP_KEY_ARG,
89
70
ARGP_KEY_END, ARGP_ERR_UNKNOWN */
90
#include <signal.h> /* sigemptyset(), sigaddset(),
91
sigaction(), SIGTERM, sig_atomic_t,
92
raise() */
93
#include <sysexits.h> /* EX_OSERR, EX_USAGE, EX_UNAVAILABLE,
94
EX_NOHOST, EX_IOERR, EX_PROTOCOL */
95
#include <sys/wait.h> /* waitpid(), WIFEXITED(),
96
WEXITSTATUS(), WTERMSIG() */
97
#include <grp.h> /* setgroups() */
98
#include <argz.h> /* argz_add_sep(), argz_next(),
99
argz_delete(), argz_append(),
100
argz_stringify(), argz_add(),
101
argz_count() */
102
#include <netdb.h> /* getnameinfo(), NI_NUMERICHOST,
103
EAI_SYSTEM, gai_strerror() */
104
105
#ifdef __linux__
106
#include <sys/klog.h> /* klogctl() */
107
#endif /* __linux__ */
108
71
109
72
/* Avahi */
110
73
/* All Avahi types, constants and functions
123
86
gnutls_*
124
87
init_gnutls_session(),
125
88
GNUTLS_* */
126
#if GNUTLS_VERSION_NUMBER < 0x030600
127
#include <gnutls/openpgp.h>
128
/* gnutls_certificate_set_openpgp_key_file(),
129
GNUTLS_OPENPGP_FMT_BASE64 */
130
#elif GNUTLS_VERSION_NUMBER >= 0x030606
131
#include <gnutls/x509.h> /* gnutls_pkcs_encrypt_flags_t,
132
GNUTLS_PKCS_PLAIN,
133
GNUTLS_PKCS_NULL_PASSWORD */
134
#endif
89
#include <gnutls/openpgp.h> /* gnutls_certificate_set_openpgp_key_file(),
90
GNUTLS_OPENPGP_FMT_BASE64 */
135
91
136
92
/* GPGME */
137
93
#include <gpgme.h> /* All GPGME types, constants and
142
98
143
99
#define BUFFER_SIZE 256
144
100
145
#define PATHDIR "/conf/conf.d/mandos"
146
#define SECKEY "seckey.txt"
147
#define PUBKEY "pubkey.txt"
148
#define TLS_PRIVKEY "tls-privkey.pem"
149
#define TLS_PUBKEY "tls-pubkey.pem"
150
#define HOOKDIR "/lib/mandos/network-hooks.d"
151
152
101
bool debug = false;
102
static const char *keydir = "/conf/conf.d/mandos";
153
103
static const char mandos_protocol_version[] = "1";
154
const char *argp_program_version = "mandos-client " VERSION;
155
const char *argp_program_bug_address = "<mandos@recompile.se>";
156
static const char sys_class_net[] = "/sys/class/net";
157
char *connect_to = NULL;
158
const char *hookdir = HOOKDIR;
159
int hookdir_fd = -1;
160
uid_t uid = 65534;
161
gid_t gid = 65534;
162
163
/* Doubly linked list that need to be circularly linked when used */
164
typedef struct server{
165
const char *ip;
166
in_port_t port;
167
AvahiIfIndex if_index;
168
int af;
169
struct timespec last_seen;
170
struct server *next;
171
struct server *prev;
172
} server;
104
const char *argp_program_version = "password-request 1.0";
105
const char *argp_program_bug_address = "<mandos@fukt.bsnet.se>";
173
106
174
107
/* Used for passing in values through the Avahi callback functions */
175
108
typedef struct {
109
AvahiSimplePoll *simple_poll;
176
110
AvahiServer *server;
177
111
gnutls_certificate_credentials_t cred;
178
112
unsigned int dh_bits;
179
113
gnutls_dh_params_t dh_params;
180
114
const char *priority;
181
gpgme_ctx_t ctx;
182
server *current_server;
183
char *interfaces;
184
size_t interfaces_size;
185
115
} mandos_context;
186
116
187
/* global so signal handler can reach it*/
188
AvahiSimplePoll *simple_poll;
189
190
sig_atomic_t quit_now = 0;
191
int signal_received = 0;
192
193
/* Function to use when printing errors */
194
void perror_plus(const char *print_text){
195
int e = errno;
196
fprintf(stderr, "Mandos plugin %s: ",
197
program_invocation_short_name);
198
errno = e;
199
perror(print_text);
200
}
201
202
__attribute__((format (gnu_printf, 2, 3), nonnull))
203
int fprintf_plus(FILE *stream, const char *format, ...){
204
va_list ap;
205
va_start (ap, format);
206
207
TEMP_FAILURE_RETRY(fprintf(stream, "Mandos plugin %s: ",
208
program_invocation_short_name));
209
return (int)TEMP_FAILURE_RETRY(vfprintf(stream, format, ap));
210
}
211
212
117
/*
213
* Make additional room in "buffer" for at least BUFFER_SIZE more
214
* bytes. "buffer_capacity" is how much is currently allocated,
118
* Make room in "buffer" for at least BUFFER_SIZE additional bytes.
119
* "buffer_capacity" is how much is currently allocated,
215
120
* "buffer_length" is how much is already used.
216
121
*/
217
__attribute__((nonnull, warn_unused_result))
218
size_t incbuffer(char **buffer, size_t buffer_length,
219
size_t buffer_capacity){
220
if(buffer_length + BUFFER_SIZE > buffer_capacity){
221
char *new_buf = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
222
if(new_buf == NULL){
223
int old_errno = errno;
224
free(*buffer);
225
errno = old_errno;
226
*buffer = NULL;
122
size_t adjustbuffer(char **buffer, size_t buffer_length,
123
size_t buffer_capacity){
124
if (buffer_length + BUFFER_SIZE > buffer_capacity){
125
*buffer = realloc(*buffer, buffer_capacity + BUFFER_SIZE);
126
if (buffer == NULL){
227
127
return 0;
228
128
}
229
*buffer = new_buf;
230
129
buffer_capacity += BUFFER_SIZE;
231
130
}
232
131
return buffer_capacity;
233
132
}
234
133
235
/* Add server to set of servers to retry periodically */
236
__attribute__((nonnull, warn_unused_result))
237
bool add_server(const char *ip, in_port_t port, AvahiIfIndex if_index,
238
int af, server **current_server){
239
int ret;
240
server *new_server = malloc(sizeof(server));
241
if(new_server == NULL){
242
perror_plus("malloc");
243
return false;
244
}
245
*new_server = (server){ .ip = strdup(ip),
246
.port = port,
247
.if_index = if_index,
248
.af = af };
249
if(new_server->ip == NULL){
250
perror_plus("strdup");
251
free(new_server);
252
return false;
253
}
254
ret = clock_gettime(CLOCK_MONOTONIC, &(new_server->last_seen));
255
if(ret == -1){
256
perror_plus("clock_gettime");
257
#ifdef __GNUC__
258
#pragma GCC diagnostic push
259
#pragma GCC diagnostic ignored "-Wcast-qual"
260
#endif
261
free((char *)(new_server->ip));
262
#ifdef __GNUC__
263
#pragma GCC diagnostic pop
264
#endif
265
free(new_server);
266
return false;
267
}
268
/* Special case of first server */
269
if(*current_server == NULL){
270
new_server->next = new_server;
271
new_server->prev = new_server;
272
*current_server = new_server;
273
} else {
274
/* Place the new server last in the list */
275
new_server->next = *current_server;
276
new_server->prev = (*current_server)->prev;
277
new_server->prev->next = new_server;
278
(*current_server)->prev = new_server;
279
}
280
return true;
281
}
282
283
/* Set effective uid to 0, return errno */
284
__attribute__((warn_unused_result))
285
int raise_privileges(void){
286
int old_errno = errno;
287
int ret = 0;
288
if(seteuid(0) == -1){
289
ret = errno;
290
}
291
errno = old_errno;
292
return ret;
293
}
294
295
/* Set effective and real user ID to 0. Return errno. */
296
__attribute__((warn_unused_result))
297
int raise_privileges_permanently(void){
298
int old_errno = errno;
299
int ret = raise_privileges();
300
if(ret != 0){
301
errno = old_errno;
302
return ret;
303
}
304
if(setuid(0) == -1){
305
ret = errno;
306
}
307
errno = old_errno;
308
return ret;
309
}
310
311
/* Set effective user ID to unprivileged saved user ID */
312
__attribute__((warn_unused_result))
313
int lower_privileges(void){
314
int old_errno = errno;
315
int ret = 0;
316
if(seteuid(uid) == -1){
317
ret = errno;
318
}
319
errno = old_errno;
320
return ret;
321
}
322
323
/* Lower privileges permanently */
324
__attribute__((warn_unused_result))
325
int lower_privileges_permanently(void){
326
int old_errno = errno;
327
int ret = 0;
328
if(setuid(uid) == -1){
329
ret = errno;
330
}
331
errno = old_errno;
332
return ret;
333
}
334
335
134
/*
336
* Initialize GPGME.
135
* Decrypt OpenPGP data using keyrings in HOMEDIR.
136
* Returns -1 on error
337
137
*/
338
__attribute__((nonnull, warn_unused_result))
339
static bool init_gpgme(const char * const seckey,
340
const char * const pubkey,
341
const char * const tempdir,
342
mandos_context *mc){
138
static ssize_t pgp_packet_decrypt (const char *cryptotext,
139
size_t crypto_size,
140
char **plaintext,
141
const char *homedir){
142
gpgme_data_t dh_crypto, dh_plain;
143
gpgme_ctx_t ctx;
343
144
gpgme_error_t rc;
145
ssize_t ret;
146
size_t plaintext_capacity = 0;
147
ssize_t plaintext_length = 0;
344
148
gpgme_engine_info_t engine_info;
345
149
346
/*
347
* Helper function to insert pub and seckey to the engine keyring.
348
*/
349
bool import_key(const char * const filename){
350
int ret;
351
int fd;
352
gpgme_data_t pgp_data;
353
354
fd = (int)TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
355
if(fd == -1){
356
perror_plus("open");
357
return false;
358
}
359
360
/* Workaround for systems without a real-time clock; see also
361
Debian bug #894495: <https://bugs.debian.org/894495> */
362
do {
363
{
364
time_t currtime = time(NULL);
365
if(currtime != (time_t)-1){
366
struct tm tm;
367
if(gmtime_r(&currtime, &tm) == NULL) {
368
perror_plus("gmtime_r");
369
break;
370
}
371
if(tm.tm_year != 70 or tm.tm_mon != 0){
372
break;
373
}
374
if(debug){
375
fprintf_plus(stderr, "System clock is January 1970");
376
}
377
} else {
378
if(debug){
379
fprintf_plus(stderr, "System clock is invalid");
380
}
381
}
382
}
383
struct stat keystat;
384
ret = fstat(fd, &keystat);
385
if(ret != 0){
386
perror_plus("fstat");
387
break;
388
}
389
ret = raise_privileges();
390
if(ret != 0){
391
errno = ret;
392
perror_plus("Failed to raise privileges");
393
break;
394
}
395
if(debug){
396
fprintf_plus(stderr,
397
"Setting system clock to key file mtime");
398
}
399
time_t keytime = keystat.st_mtim.tv_sec;
400
if(stime(&keytime) != 0){
401
perror_plus("stime");
402
}
403
ret = lower_privileges();
404
if(ret != 0){
405
errno = ret;
406
perror_plus("Failed to lower privileges");
407
}
408
} while(false);
409
410
rc = gpgme_data_new_from_fd(&pgp_data, fd);
411
if(rc != GPG_ERR_NO_ERROR){
412
fprintf_plus(stderr, "bad gpgme_data_new_from_fd: %s: %s\n",
413
gpgme_strsource(rc), gpgme_strerror(rc));
414
return false;
415
}
416
417
rc = gpgme_op_import(mc->ctx, pgp_data);
418
if(rc != GPG_ERR_NO_ERROR){
419
fprintf_plus(stderr, "bad gpgme_op_import: %s: %s\n",
420
gpgme_strsource(rc), gpgme_strerror(rc));
421
return false;
422
}
423
{
424
gpgme_import_result_t import_result
425
= gpgme_op_import_result(mc->ctx);
426
if((import_result->imported < 1
427
or import_result->not_imported > 0)
428
and import_result->unchanged == 0){
429
fprintf_plus(stderr, "bad gpgme_op_import_results:\n");
430
fprintf_plus(stderr,
431
"The total number of considered keys: %d\n",
432
import_result->considered);
433
fprintf_plus(stderr,
434
"The number of keys without user ID: %d\n",
435
import_result->no_user_id);
436
fprintf_plus(stderr,
437
"The total number of imported keys: %d\n",
438
import_result->imported);
439
fprintf_plus(stderr, "The number of imported RSA keys: %d\n",
440
import_result->imported_rsa);
441
fprintf_plus(stderr, "The number of unchanged keys: %d\n",
442
import_result->unchanged);
443
fprintf_plus(stderr, "The number of new user IDs: %d\n",
444
import_result->new_user_ids);
445
fprintf_plus(stderr, "The number of new sub keys: %d\n",
446
import_result->new_sub_keys);
447
fprintf_plus(stderr, "The number of new signatures: %d\n",
448
import_result->new_signatures);
449
fprintf_plus(stderr, "The number of new revocations: %d\n",
450
import_result->new_revocations);
451
fprintf_plus(stderr,
452
"The total number of secret keys read: %d\n",
453
import_result->secret_read);
454
fprintf_plus(stderr,
455
"The number of imported secret keys: %d\n",
456
import_result->secret_imported);
457
fprintf_plus(stderr,
458
"The number of unchanged secret keys: %d\n",
459
import_result->secret_unchanged);
460
fprintf_plus(stderr, "The number of keys not imported: %d\n",
461
import_result->not_imported);
462
for(gpgme_import_status_t import_status
463
= import_result->imports;
464
import_status != NULL;
465
import_status = import_status->next){
466
fprintf_plus(stderr, "Import status for key: %s\n",
467
import_status->fpr);
468
if(import_status->result != GPG_ERR_NO_ERROR){
469
fprintf_plus(stderr, "Import result: %s: %s\n",
470
gpgme_strsource(import_status->result),
471
gpgme_strerror(import_status->result));
472
}
473
fprintf_plus(stderr, "Key status:\n");
474
fprintf_plus(stderr,
475
import_status->status & GPGME_IMPORT_NEW
476
? "The key was new.\n"
477
: "The key was not new.\n");
478
fprintf_plus(stderr,
479
import_status->status & GPGME_IMPORT_UID
480
? "The key contained new user IDs.\n"
481
: "The key did not contain new user IDs.\n");
482
fprintf_plus(stderr,
483
import_status->status & GPGME_IMPORT_SIG
484
? "The key contained new signatures.\n"
485
: "The key did not contain new signatures.\n");
486
fprintf_plus(stderr,
487
import_status->status & GPGME_IMPORT_SUBKEY
488
? "The key contained new sub keys.\n"
489
: "The key did not contain new sub keys.\n");
490
fprintf_plus(stderr,
491
import_status->status & GPGME_IMPORT_SECRET
492
? "The key contained a secret key.\n"
493
: "The key did not contain a secret key.\n");
494
}
495
return false;
496
}
497
}
498
499
ret = close(fd);
500
if(ret == -1){
501
perror_plus("close");
502
}
503
gpgme_data_release(pgp_data);
504
return true;
505
}
506
507
if(debug){
508
fprintf_plus(stderr, "Initializing GPGME\n");
150
if (debug){
151
fprintf(stderr, "Trying to decrypt OpenPGP data\n");
509
152
}
510
153
511
154
/* Init GPGME */
512
155
gpgme_check_version(NULL);
513
156
rc = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
514
if(rc != GPG_ERR_NO_ERROR){
515
fprintf_plus(stderr, "bad gpgme_engine_check_version: %s: %s\n",
516
gpgme_strsource(rc), gpgme_strerror(rc));
517
return false;
157
if (rc != GPG_ERR_NO_ERROR){
158
fprintf(stderr, "bad gpgme_engine_check_version: %s: %s\n",
159
gpgme_strsource(rc), gpgme_strerror(rc));
160
return -1;
518
161
}
519
162
520
163
/* Set GPGME home directory for the OpenPGP engine only */
521
rc = gpgme_get_engine_info(&engine_info);
522
if(rc != GPG_ERR_NO_ERROR){
523
fprintf_plus(stderr, "bad gpgme_get_engine_info: %s: %s\n",
524
gpgme_strsource(rc), gpgme_strerror(rc));
525
return false;
164
rc = gpgme_get_engine_info (&engine_info);
165
if (rc != GPG_ERR_NO_ERROR){
166
fprintf(stderr, "bad gpgme_get_engine_info: %s: %s\n",
167
gpgme_strsource(rc), gpgme_strerror(rc));
168
return -1;
526
169
}
527
170
while(engine_info != NULL){
528
171
if(engine_info->protocol == GPGME_PROTOCOL_OpenPGP){
529
172
gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP,
530
engine_info->file_name, tempdir);
173
engine_info->file_name, homedir);
531
174
break;
532
175
}
533
176
engine_info = engine_info->next;
534
177
}
535
178
if(engine_info == NULL){
536
fprintf_plus(stderr, "Could not set GPGME home dir to %s\n",
537
tempdir);
538
return false;
539
}
540
541
/* Create new GPGME "context" */
542
rc = gpgme_new(&(mc->ctx));
543
if(rc != GPG_ERR_NO_ERROR){
544
fprintf_plus(stderr, "bad gpgme_new: %s: %s\n",
545
gpgme_strsource(rc), gpgme_strerror(rc));
546
return false;
547
}
548
549
if(not import_key(pubkey) or not import_key(seckey)){
550
return false;
551
}
552
553
return true;
554
}
555
556
/*
557
* Decrypt OpenPGP data.
558
* Returns -1 on error
559
*/
560
__attribute__((nonnull, warn_unused_result))
561
static ssize_t pgp_packet_decrypt(const char *cryptotext,
562
size_t crypto_size,
563
char **plaintext,
564
mandos_context *mc){
565
gpgme_data_t dh_crypto, dh_plain;
566
gpgme_error_t rc;
567
ssize_t ret;
568
size_t plaintext_capacity = 0;
569
ssize_t plaintext_length = 0;
570
571
if(debug){
572
fprintf_plus(stderr, "Trying to decrypt OpenPGP data\n");
179
fprintf(stderr, "Could not set GPGME home dir to %s\n", homedir);
180
return -1;
573
181
}
574
182
575
183
/* Create new GPGME data buffer from memory cryptotext */
576
184
rc = gpgme_data_new_from_mem(&dh_crypto, cryptotext, crypto_size,
577
185
0);
578
if(rc != GPG_ERR_NO_ERROR){
579
fprintf_plus(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
580
gpgme_strsource(rc), gpgme_strerror(rc));
186
if (rc != GPG_ERR_NO_ERROR){
187
fprintf(stderr, "bad gpgme_data_new_from_mem: %s: %s\n",
188
gpgme_strsource(rc), gpgme_strerror(rc));
581
189
return -1;
582
190
}
583
191
584
192
/* Create new empty GPGME data buffer for the plaintext */
585
193
rc = gpgme_data_new(&dh_plain);
586
if(rc != GPG_ERR_NO_ERROR){
587
fprintf_plus(stderr, "bad gpgme_data_new: %s: %s\n",
588
gpgme_strsource(rc), gpgme_strerror(rc));
194
if (rc != GPG_ERR_NO_ERROR){
195
fprintf(stderr, "bad gpgme_data_new: %s: %s\n",
196
gpgme_strsource(rc), gpgme_strerror(rc));
589
197
gpgme_data_release(dh_crypto);
590
198
return -1;
591
199
}
592
200
201
/* Create new GPGME "context" */
202
rc = gpgme_new(&ctx);
203
if (rc != GPG_ERR_NO_ERROR){
204
fprintf(stderr, "bad gpgme_new: %s: %s\n",
205
gpgme_strsource(rc), gpgme_strerror(rc));
206
plaintext_length = -1;
207
goto decrypt_end;
208
}
209
593
210
/* Decrypt data from the cryptotext data buffer to the plaintext
594
211
data buffer */
595
rc = gpgme_op_decrypt(mc->ctx, dh_crypto, dh_plain);
596
if(rc != GPG_ERR_NO_ERROR){
597
fprintf_plus(stderr, "bad gpgme_op_decrypt: %s: %s\n",
598
gpgme_strsource(rc), gpgme_strerror(rc));
212
rc = gpgme_op_decrypt(ctx, dh_crypto, dh_plain);
213
if (rc != GPG_ERR_NO_ERROR){
214
fprintf(stderr, "bad gpgme_op_decrypt: %s: %s\n",
215
gpgme_strsource(rc), gpgme_strerror(rc));
599
216
plaintext_length = -1;
600
if(debug){
217
if (debug){
601
218
gpgme_decrypt_result_t result;
602
result = gpgme_op_decrypt_result(mc->ctx);
603
if(result == NULL){
604
fprintf_plus(stderr, "gpgme_op_decrypt_result failed\n");
219
result = gpgme_op_decrypt_result(ctx);
220
if (result == NULL){
221
fprintf(stderr, "gpgme_op_decrypt_result failed\n");
605
222
} else {
606
if(result->unsupported_algorithm != NULL) {
607
fprintf_plus(stderr, "Unsupported algorithm: %s\n",
608
result->unsupported_algorithm);
609
}
610
fprintf_plus(stderr, "Wrong key usage: %s\n",
611
result->wrong_key_usage ? "Yes" : "No");
223
fprintf(stderr, "Unsupported algorithm: %s\n",
224
result->unsupported_algorithm);
225
fprintf(stderr, "Wrong key usage: %u\n",
226
result->wrong_key_usage);
612
227
if(result->file_name != NULL){
613
fprintf_plus(stderr, "File name: %s\n", result->file_name);
228
fprintf(stderr, "File name: %s\n", result->file_name);
614
229
}
615
616
for(gpgme_recipient_t r = result->recipients; r != NULL;
617
r = r->next){
618
fprintf_plus(stderr, "Public key algorithm: %s\n",
619
gpgme_pubkey_algo_name(r->pubkey_algo));
620
fprintf_plus(stderr, "Key ID: %s\n", r->keyid);
621
fprintf_plus(stderr, "Secret key available: %s\n",
622
r->status == GPG_ERR_NO_SECKEY ? "No" : "Yes");
230
gpgme_recipient_t recipient;
231
recipient = result->recipients;
232
if(recipient){
233
while(recipient != NULL){
234
fprintf(stderr, "Public key algorithm: %s\n",
235
gpgme_pubkey_algo_name(recipient->pubkey_algo));
236
fprintf(stderr, "Key ID: %s\n", recipient->keyid);
237
fprintf(stderr, "Secret key available: %s\n",
238
recipient->status == GPG_ERR_NO_SECKEY
239
? "No" : "Yes");
240
recipient = recipient->next;
241
}
623
242
}
624
243
}
625
244
}
627
246
}
628
247
629
248
if(debug){
630
fprintf_plus(stderr, "Decryption of OpenPGP data succeeded\n");
249
fprintf(stderr, "Decryption of OpenPGP data succeeded\n");
631
250
}
632
251
633
252
/* Seek back to the beginning of the GPGME plaintext data buffer */
634
if(gpgme_data_seek(dh_plain, (off_t)0, SEEK_SET) == -1){
635
perror_plus("gpgme_data_seek");
253
if (gpgme_data_seek(dh_plain, (off_t) 0, SEEK_SET) == -1){
254
perror("pgpme_data_seek");
636
255
plaintext_length = -1;
637
256
goto decrypt_end;
638
257
}
639
258
640
259
*plaintext = NULL;
641
260
while(true){
642
plaintext_capacity = incbuffer(plaintext,
643
(size_t)plaintext_length,
644
plaintext_capacity);
645
if(plaintext_capacity == 0){
646
perror_plus("incbuffer");
647
plaintext_length = -1;
648
goto decrypt_end;
261
plaintext_capacity = adjustbuffer(plaintext,
262
(size_t)plaintext_length,
263
plaintext_capacity);
264
if (plaintext_capacity == 0){
265
perror("adjustbuffer");
266
plaintext_length = -1;
267
goto decrypt_end;
649
268
}
650
269
651
270
ret = gpgme_data_read(dh_plain, *plaintext + plaintext_length,
652
271
BUFFER_SIZE);
653
272
/* Print the data, if any */
654
if(ret == 0){
273
if (ret == 0){
655
274
/* EOF */
656
275
break;
657
276
}
658
277
if(ret < 0){
659
perror_plus("gpgme_data_read");
278
perror("gpgme_data_read");
660
279
plaintext_length = -1;
661
280
goto decrypt_end;
662
281
}
663
282
plaintext_length += ret;
664
283
}
665
284
666
285
if(debug){
667
fprintf_plus(stderr, "Decrypted password is: ");
286
fprintf(stderr, "Decrypted password is: ");
668
287
for(ssize_t i = 0; i < plaintext_length; i++){
669
288
fprintf(stderr, "%02hhX ", (*plaintext)[i]);
670
289
}
681
300
return plaintext_length;
682
301
}
683
302
684
__attribute__((warn_unused_result, const))
685
static const char *safe_string(const char *str){
686
if(str == NULL)
687
return "(unknown)";
688
return str;
689
}
690
691
__attribute__((warn_unused_result))
692
static const char *safer_gnutls_strerror(int value){
693
const char *ret = gnutls_strerror(value);
694
return safe_string(ret);
303
static const char * safer_gnutls_strerror (int value) {
304
const char *ret = gnutls_strerror (value); /* Spurious warning */
305
if (ret == NULL)
306
ret = "(unknown)";
307
return ret;
695
308
}
696
309
697
310
/* GnuTLS log function callback */
698
__attribute__((nonnull))
699
311
static void debuggnutls(__attribute__((unused)) int level,
700
312
const char* string){
701
fprintf_plus(stderr, "GnuTLS: %s", string);
313
fprintf(stderr, "GnuTLS: %s", string);
702
314
}
703
315
704
__attribute__((nonnull(1, 2, 4), warn_unused_result))
705
static int init_gnutls_global(const char *pubkeyfilename,
706
const char *seckeyfilename,
707
const char *dhparamsfilename,
708
mandos_context *mc){
316
static int init_gnutls_global(mandos_context *mc,
317
const char *pubkeyfilename,
318
const char *seckeyfilename){
709
319
int ret;
710
320
711
321
if(debug){
712
fprintf_plus(stderr, "Initializing GnuTLS\n");
713
}
714
715
if(debug){
322
fprintf(stderr, "Initializing GnuTLS\n");
323
}
324
325
ret = gnutls_global_init();
326
if (ret != GNUTLS_E_SUCCESS) {
327
fprintf (stderr, "GnuTLS global_init: %s\n",
328
safer_gnutls_strerror(ret));
329
return -1;
330
}
331
332
if (debug){
716
333
/* "Use a log level over 10 to enable all debugging options."
717
334
* - GnuTLS manual
718
335
*/
721
338
}
722
339
723
340
/* OpenPGP credentials */
724
ret = gnutls_certificate_allocate_credentials(&mc->cred);
725
if(ret != GNUTLS_E_SUCCESS){
726
fprintf_plus(stderr, "GnuTLS memory error: %s\n",
727
safer_gnutls_strerror(ret));
341
gnutls_certificate_allocate_credentials(&mc->cred);
342
if (ret != GNUTLS_E_SUCCESS){
343
fprintf (stderr, "GnuTLS memory error: %s\n", /* Spurious
344
warning */
345
safer_gnutls_strerror(ret));
346
gnutls_global_deinit ();
728
347
return -1;
729
348
}
730
349
731
350
if(debug){
732
fprintf_plus(stderr, "Attempting to use public key %s and"
733
" private key %s as GnuTLS credentials\n",
734
pubkeyfilename,
735
seckeyfilename);
351
fprintf(stderr, "Attempting to use OpenPGP certificate %s"
352
" and keyfile %s as GnuTLS credentials\n", pubkeyfilename,
353
seckeyfilename);
736
354
}
737
355
738
#if GNUTLS_VERSION_NUMBER >= 0x030606
739
ret = gnutls_certificate_set_rawpk_key_file
740
(mc->cred, pubkeyfilename, seckeyfilename,
741
GNUTLS_X509_FMT_PEM, /* format */
742
NULL, /* pass */
743
/* key_usage */
744
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
745
NULL, /* names */
746
0, /* names_length */
747
/* privkey_flags */
748
GNUTLS_PKCS_PLAIN | GNUTLS_PKCS_NULL_PASSWORD,
749
0); /* pkcs11_flags */
750
#elif GNUTLS_VERSION_NUMBER < 0x030600
751
356
ret = gnutls_certificate_set_openpgp_key_file
752
357
(mc->cred, pubkeyfilename, seckeyfilename,
753
358
GNUTLS_OPENPGP_FMT_BASE64);
754
#else
755
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
756
#endif
757
if(ret != GNUTLS_E_SUCCESS){
758
fprintf_plus(stderr,
759
"Error[%d] while reading the key pair ('%s',"
760
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
761
fprintf_plus(stderr, "The GnuTLS error is: %s\n",
762
safer_gnutls_strerror(ret));
359
if (ret != GNUTLS_E_SUCCESS) {
360
fprintf(stderr,
361
"Error[%d] while reading the OpenPGP key pair ('%s',"
362
" '%s')\n", ret, pubkeyfilename, seckeyfilename);
363
fprintf(stdout, "The GnuTLS error is: %s\n",
364
safer_gnutls_strerror(ret));
763
365
goto globalfail;
764
366
}
765
367
766
368
/* GnuTLS server initialization */
767
369
ret = gnutls_dh_params_init(&mc->dh_params);
768
if(ret != GNUTLS_E_SUCCESS){
769
fprintf_plus(stderr, "Error in GnuTLS DH parameter"
770
" initialization: %s\n",
771
safer_gnutls_strerror(ret));
772
goto globalfail;
773
}
774
/* If a Diffie-Hellman parameters file was given, try to use it */
775
if(dhparamsfilename != NULL){
776
gnutls_datum_t params = { .data = NULL, .size = 0 };
777
do {
778
int dhpfile = open(dhparamsfilename, O_RDONLY);
779
if(dhpfile == -1){
780
perror_plus("open");
781
dhparamsfilename = NULL;
782
break;
783
}
784
size_t params_capacity = 0;
785
while(true){
786
params_capacity = incbuffer((char **)¶ms.data,
787
(size_t)params.size,
788
(size_t)params_capacity);
789
if(params_capacity == 0){
790
perror_plus("incbuffer");
791
free(params.data);
792
params.data = NULL;
793
dhparamsfilename = NULL;
794
break;
795
}
796
ssize_t bytes_read = read(dhpfile,
797
params.data + params.size,
798
BUFFER_SIZE);
799
/* EOF */
800
if(bytes_read == 0){
801
break;
802
}
803
/* check bytes_read for failure */
804
if(bytes_read < 0){
805
perror_plus("read");
806
free(params.data);
807
params.data = NULL;
808
dhparamsfilename = NULL;
809
break;
810
}
811
params.size += (unsigned int)bytes_read;
812
}
813
ret = close(dhpfile);
814
if(ret == -1){
815
perror_plus("close");
816
}
817
if(params.data == NULL){
818
dhparamsfilename = NULL;
819
}
820
if(dhparamsfilename == NULL){
821
break;
822
}
823
ret = gnutls_dh_params_import_pkcs3(mc->dh_params, ¶ms,
824
GNUTLS_X509_FMT_PEM);
825
if(ret != GNUTLS_E_SUCCESS){
826
fprintf_plus(stderr, "Failed to parse DH parameters in file"
827
" \"%s\": %s\n", dhparamsfilename,
828
safer_gnutls_strerror(ret));
829
dhparamsfilename = NULL;
830
}
831
free(params.data);
832
} while(false);
833
}
834
if(dhparamsfilename == NULL){
835
if(mc->dh_bits == 0){
836
#if GNUTLS_VERSION_NUMBER < 0x030600
837
/* Find out the optimal number of DH bits */
838
/* Try to read the private key file */
839
gnutls_datum_t buffer = { .data = NULL, .size = 0 };
840
do {
841
int secfile = open(seckeyfilename, O_RDONLY);
842
if(secfile == -1){
843
perror_plus("open");
844
break;
845
}
846
size_t buffer_capacity = 0;
847
while(true){
848
buffer_capacity = incbuffer((char **)&buffer.data,
849
(size_t)buffer.size,
850
(size_t)buffer_capacity);
851
if(buffer_capacity == 0){
852
perror_plus("incbuffer");
853
free(buffer.data);
854
buffer.data = NULL;
855
break;
856
}
857
ssize_t bytes_read = read(secfile,
858
buffer.data + buffer.size,
859
BUFFER_SIZE);
860
/* EOF */
861
if(bytes_read == 0){
862
break;
863
}
864
/* check bytes_read for failure */
865
if(bytes_read < 0){
866
perror_plus("read");
867
free(buffer.data);
868
buffer.data = NULL;
869
break;
870
}
871
buffer.size += (unsigned int)bytes_read;
872
}
873
close(secfile);
874
} while(false);
875
/* If successful, use buffer to parse private key */
876
gnutls_sec_param_t sec_param = GNUTLS_SEC_PARAM_ULTRA;
877
if(buffer.data != NULL){
878
{
879
gnutls_openpgp_privkey_t privkey = NULL;
880
ret = gnutls_openpgp_privkey_init(&privkey);
881
if(ret != GNUTLS_E_SUCCESS){
882
fprintf_plus(stderr, "Error initializing OpenPGP key"
883
" structure: %s",
884
safer_gnutls_strerror(ret));
885
free(buffer.data);
886
buffer.data = NULL;
887
} else {
888
ret = gnutls_openpgp_privkey_import
889
(privkey, &buffer, GNUTLS_OPENPGP_FMT_BASE64, "", 0);
890
if(ret != GNUTLS_E_SUCCESS){
891
fprintf_plus(stderr, "Error importing OpenPGP key : %s",
892
safer_gnutls_strerror(ret));
893
privkey = NULL;
894
}
895
free(buffer.data);
896
buffer.data = NULL;
897
if(privkey != NULL){
898
/* Use private key to suggest an appropriate
899
sec_param */
900
sec_param = gnutls_openpgp_privkey_sec_param(privkey);
901
gnutls_openpgp_privkey_deinit(privkey);
902
if(debug){
903
fprintf_plus(stderr, "This OpenPGP key implies using"
904
" a GnuTLS security parameter \"%s\".\n",
905
safe_string(gnutls_sec_param_get_name
906
(sec_param)));
907
}
908
}
909
}
910
}
911
if(sec_param == GNUTLS_SEC_PARAM_UNKNOWN){
912
/* Err on the side of caution */
913
sec_param = GNUTLS_SEC_PARAM_ULTRA;
914
if(debug){
915
fprintf_plus(stderr, "Falling back to security parameter"
916
" \"%s\"\n",
917
safe_string(gnutls_sec_param_get_name
918
(sec_param)));
919
}
920
}
921
}
922
unsigned int uret = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, sec_param);
923
if(uret != 0){
924
mc->dh_bits = uret;
925
if(debug){
926
fprintf_plus(stderr, "A \"%s\" GnuTLS security parameter"
927
" implies %u DH bits; using that.\n",
928
safe_string(gnutls_sec_param_get_name
929
(sec_param)),
930
mc->dh_bits);
931
}
932
} else {
933
fprintf_plus(stderr, "Failed to get implied number of DH"
934
" bits for security parameter \"%s\"): %s\n",
935
safe_string(gnutls_sec_param_get_name
936
(sec_param)),
937
safer_gnutls_strerror(ret));
938
goto globalfail;
939
}
940
#endif
941
} else { /* dh_bits != 0 */
942
if(debug){
943
fprintf_plus(stderr, "DH bits explicitly set to %u\n",
944
mc->dh_bits);
945
}
946
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
947
if(ret != GNUTLS_E_SUCCESS){
948
fprintf_plus(stderr, "Error in GnuTLS prime generation (%u"
949
" bits): %s\n", mc->dh_bits,
950
safer_gnutls_strerror(ret));
951
goto globalfail;
952
}
953
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
954
}
370
if (ret != GNUTLS_E_SUCCESS) {
371
fprintf (stderr, "Error in GnuTLS DH parameter initialization:"
372
" %s\n", safer_gnutls_strerror(ret));
373
goto globalfail;
374
}
375
ret = gnutls_dh_params_generate2(mc->dh_params, mc->dh_bits);
376
if (ret != GNUTLS_E_SUCCESS) {
377
fprintf (stderr, "Error in GnuTLS prime generation: %s\n",
378
safer_gnutls_strerror(ret));
379
goto globalfail;
955
380
}
956
381
382
gnutls_certificate_set_dh_params(mc->cred, mc->dh_params);
383
957
384
return 0;
958
385
959
386
globalfail:
960
387
961
388
gnutls_certificate_free_credentials(mc->cred);
962
gnutls_dh_params_deinit(mc->dh_params);
389
gnutls_global_deinit();
963
390
return -1;
391
964
392
}
965
393
966
__attribute__((nonnull, warn_unused_result))
967
static int init_gnutls_session(gnutls_session_t *session,
968
mandos_context *mc){
394
static int init_gnutls_session(mandos_context *mc,
395
gnutls_session_t *session){
969
396
int ret;
970
397
/* GnuTLS session creation */
971
do {
972
ret = gnutls_init(session, (GNUTLS_SERVER
973
#if GNUTLS_VERSION_NUMBER >= 0x030506
974
| GNUTLS_NO_TICKETS
975
#endif
976
#if GNUTLS_VERSION_NUMBER >= 0x030606
977
| GNUTLS_ENABLE_RAWPK
978
#endif
979
));
980
if(quit_now){
981
return -1;
982
}
983
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
984
if(ret != GNUTLS_E_SUCCESS){
985
fprintf_plus(stderr,
986
"Error in GnuTLS session initialization: %s\n",
987
safer_gnutls_strerror(ret));
398
ret = gnutls_init(session, GNUTLS_SERVER);
399
if (ret != GNUTLS_E_SUCCESS){
400
fprintf(stderr, "Error in GnuTLS session initialization: %s\n",
401
safer_gnutls_strerror(ret));
988
402
}
989
403
990
404
{
991
405
const char *err;
992
do {
993
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
994
if(quit_now){
995
gnutls_deinit(*session);
996
return -1;
997
}
998
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
999
if(ret != GNUTLS_E_SUCCESS){
1000
fprintf_plus(stderr, "Syntax error at: %s\n", err);
1001
fprintf_plus(stderr, "GnuTLS error: %s\n",
1002
safer_gnutls_strerror(ret));
1003
gnutls_deinit(*session);
406
ret = gnutls_priority_set_direct(*session, mc->priority, &err);
407
if (ret != GNUTLS_E_SUCCESS) {
408
fprintf(stderr, "Syntax error at: %s\n", err);
409
fprintf(stderr, "GnuTLS error: %s\n",
410
safer_gnutls_strerror(ret));
411
gnutls_deinit (*session);
1004
412
return -1;
1005
413
}
1006
414
}
1007
415
1008
do {
1009
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
1010
mc->cred);
1011
if(quit_now){
1012
gnutls_deinit(*session);
1013
return -1;
1014
}
1015
} while(ret == GNUTLS_E_INTERRUPTED or ret == GNUTLS_E_AGAIN);
1016
if(ret != GNUTLS_E_SUCCESS){
1017
fprintf_plus(stderr, "Error setting GnuTLS credentials: %s\n",
1018
safer_gnutls_strerror(ret));
1019
gnutls_deinit(*session);
416
ret = gnutls_credentials_set(*session, GNUTLS_CRD_CERTIFICATE,
417
mc->cred);
418
if (ret != GNUTLS_E_SUCCESS) {
419
fprintf(stderr, "Error setting GnuTLS credentials: %s\n",
420
safer_gnutls_strerror(ret));
421
gnutls_deinit (*session);
1020
422
return -1;
1021
423
}
1022
424
1023
425
/* ignore client certificate if any. */
1024
gnutls_certificate_server_set_request(*session, GNUTLS_CERT_IGNORE);
426
gnutls_certificate_server_set_request (*session,
427
GNUTLS_CERT_IGNORE);
428
429
gnutls_dh_set_prime_bits (*session, mc->dh_bits);
1025
430
1026
431
return 0;
1027
432
}
1030
435
static void empty_log(__attribute__((unused)) AvahiLogLevel level,
1031
436
__attribute__((unused)) const char *txt){}
1032
437
1033
/* Helper function to add_local_route() and delete_local_route() */
1034
__attribute__((nonnull, warn_unused_result))
1035
static bool add_delete_local_route(const bool add,
1036
const char *address,
1037
AvahiIfIndex if_index){
1038
int ret;
1039
char helper[] = "mandos-client-iprouteadddel";
1040
char add_arg[] = "add";
1041
char delete_arg[] = "delete";
1042
char debug_flag[] = "--debug";
1043
char *pluginhelperdir = getenv("MANDOSPLUGINHELPERDIR");
1044
if(pluginhelperdir == NULL){
1045
if(debug){
1046
fprintf_plus(stderr, "MANDOSPLUGINHELPERDIR environment"
1047
" variable not set; cannot run helper\n");
1048
}
1049
return false;
1050
}
1051
1052
char interface[IF_NAMESIZE];
1053
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1054
perror_plus("if_indextoname");
1055
return false;
1056
}
1057
1058
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
1059
if(devnull == -1){
1060
perror_plus("open(\"/dev/null\", O_RDONLY)");
1061
return false;
1062
}
1063
pid_t pid = fork();
1064
if(pid == 0){
1065
/* Child */
1066
/* Raise privileges */
1067
errno = raise_privileges_permanently();
1068
if(errno != 0){
1069
perror_plus("Failed to raise privileges");
1070
/* _exit(EX_NOPERM); */
1071
} else {
1072
/* Set group */
1073
errno = 0;
1074
ret = setgid(0);
1075
if(ret == -1){
1076
perror_plus("setgid");
1077
close(devnull);
1078
_exit(EX_NOPERM);
1079
}
1080
/* Reset supplementary groups */
1081
errno = 0;
1082
ret = setgroups(0, NULL);
1083
if(ret == -1){
1084
perror_plus("setgroups");
1085
close(devnull);
1086
_exit(EX_NOPERM);
1087
}
1088
}
1089
ret = dup2(devnull, STDIN_FILENO);
1090
if(ret == -1){
1091
perror_plus("dup2(devnull, STDIN_FILENO)");
1092
close(devnull);
1093
_exit(EX_OSERR);
1094
}
1095
ret = close(devnull);
1096
if(ret == -1){
1097
perror_plus("close");
1098
}
1099
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1100
if(ret == -1){
1101
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
1102
_exit(EX_OSERR);
1103
}
1104
int helperdir_fd = (int)TEMP_FAILURE_RETRY(open(pluginhelperdir,
1105
O_RDONLY
1106
| O_DIRECTORY
1107
| O_PATH
1108
| O_CLOEXEC));
1109
if(helperdir_fd == -1){
1110
perror_plus("open");
1111
_exit(EX_UNAVAILABLE);
1112
}
1113
int helper_fd = (int)TEMP_FAILURE_RETRY(openat(helperdir_fd,
1114
helper, O_RDONLY));
1115
if(helper_fd == -1){
1116
perror_plus("openat");
1117
close(helperdir_fd);
1118
_exit(EX_UNAVAILABLE);
1119
}
1120
close(helperdir_fd);
1121
#ifdef __GNUC__
1122
#pragma GCC diagnostic push
1123
#pragma GCC diagnostic ignored "-Wcast-qual"
1124
#endif
1125
if(fexecve(helper_fd, (char *const [])
1126
{ helper, add ? add_arg : delete_arg, (char *)address,
1127
interface, debug ? debug_flag : NULL, NULL },
1128
environ) == -1){
1129
#ifdef __GNUC__
1130
#pragma GCC diagnostic pop
1131
#endif
1132
perror_plus("fexecve");
1133
_exit(EXIT_FAILURE);
1134
}
1135
}
1136
if(pid == -1){
1137
perror_plus("fork");
1138
close(devnull);
1139
return false;
1140
}
1141
ret = close(devnull);
1142
if(ret == -1){
1143
perror_plus("close");
1144
}
1145
int status;
1146
pid_t pret = -1;
1147
errno = 0;
1148
do {
1149
pret = waitpid(pid, &status, 0);
1150
if(pret == -1 and errno == EINTR and quit_now){
1151
int errno_raising = 0;
1152
if((errno = raise_privileges()) != 0){
1153
errno_raising = errno;
1154
perror_plus("Failed to raise privileges in order to"
1155
" kill helper program");
1156
}
1157
if(kill(pid, SIGTERM) == -1){
1158
perror_plus("kill");
1159
}
1160
if((errno_raising == 0) and (errno = lower_privileges()) != 0){
1161
perror_plus("Failed to lower privileges after killing"
1162
" helper program");
1163
}
1164
return false;
1165
}
1166
} while(pret == -1 and errno == EINTR);
1167
if(pret == -1){
1168
perror_plus("waitpid");
1169
return false;
1170
}
1171
if(WIFEXITED(status)){
1172
if(WEXITSTATUS(status) != 0){
1173
fprintf_plus(stderr, "Error: iprouteadddel exited"
1174
" with status %d\n", WEXITSTATUS(status));
1175
return false;
1176
}
1177
return true;
1178
}
1179
if(WIFSIGNALED(status)){
1180
fprintf_plus(stderr, "Error: iprouteadddel died by"
1181
" signal %d\n", WTERMSIG(status));
1182
return false;
1183
}
1184
fprintf_plus(stderr, "Error: iprouteadddel crashed\n");
1185
return false;
1186
}
1187
1188
__attribute__((nonnull, warn_unused_result))
1189
static bool add_local_route(const char *address,
1190
AvahiIfIndex if_index){
1191
if(debug){
1192
fprintf_plus(stderr, "Adding route to %s\n", address);
1193
}
1194
return add_delete_local_route(true, address, if_index);
1195
}
1196
1197
__attribute__((nonnull, warn_unused_result))
1198
static bool delete_local_route(const char *address,
1199
AvahiIfIndex if_index){
1200
if(debug){
1201
fprintf_plus(stderr, "Removing route to %s\n", address);
1202
}
1203
return add_delete_local_route(false, address, if_index);
1204
}
1205
1206
438
/* Called when a Mandos server is found */
1207
__attribute__((nonnull, warn_unused_result))
1208
static int start_mandos_communication(const char *ip, in_port_t port,
439
static int start_mandos_communication(const char *ip, uint16_t port,
1209
440
AvahiIfIndex if_index,
1210
int af, mandos_context *mc){
1211
int ret, tcp_sd = -1;
1212
ssize_t sret;
1213
struct sockaddr_storage to;
441
mandos_context *mc){
442
int ret, tcp_sd;
443
union { struct sockaddr in; struct sockaddr_in6 in6; } to;
1214
444
char *buffer = NULL;
1215
char *decrypted_buffer = NULL;
445
char *decrypted_buffer;
1216
446
size_t buffer_length = 0;
1217
447
size_t buffer_capacity = 0;
448
ssize_t decrypted_buffer_size;
1218
449
size_t written;
1219
int retval = -1;
450
int retval = 0;
451
char interface[IF_NAMESIZE];
1220
452
gnutls_session_t session;
1221
int pf; /* Protocol family */
1222
bool route_added = false;
1223
1224
errno = 0;
1225
1226
if(quit_now){
1227
errno = EINTR;
1228
return -1;
1229
}
1230
1231
switch(af){
1232
case AF_INET6:
1233
pf = PF_INET6;
1234
break;
1235
case AF_INET:
1236
pf = PF_INET;
1237
break;
1238
default:
1239
fprintf_plus(stderr, "Bad address family: %d\n", af);
1240
errno = EINVAL;
1241
return -1;
1242
}
1243
1244
/* If the interface is specified and we have a list of interfaces */
1245
if(if_index != AVAHI_IF_UNSPEC and mc->interfaces != NULL){
1246
/* Check if the interface is one of the interfaces we are using */
1247
bool match = false;
1248
{
1249
char *interface = NULL;
1250
while((interface = argz_next(mc->interfaces,
1251
mc->interfaces_size,
1252
interface))){
1253
if(if_nametoindex(interface) == (unsigned int)if_index){
1254
match = true;
1255
break;
1256
}
1257
}
1258
}
1259
if(not match){
1260
/* This interface does not match any in the list, so we don't
1261
connect to the server */
1262
if(debug){
1263
char interface[IF_NAMESIZE];
1264
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1265
perror_plus("if_indextoname");
1266
} else {
1267
fprintf_plus(stderr, "Skipping server on non-used interface"
1268
" \"%s\"\n",
1269
if_indextoname((unsigned int)if_index,
1270
interface));
1271
}
1272
}
453
454
ret = init_gnutls_session (mc, &session);
455
if (ret != 0){
456
return -1;
457
}
458
459
if(debug){
460
fprintf(stderr, "Setting up a tcp connection to %s, port %" PRIu16
461
"\n", ip, port);
462
}
463
464
tcp_sd = socket(PF_INET6, SOCK_STREAM, 0);
465
if(tcp_sd < 0) {
466
perror("socket");
467
return -1;
468
}
469
470
if(debug){
471
if(if_indextoname((unsigned int)if_index, interface) == NULL){
472
perror("if_indextoname");
1273
473
return -1;
1274
474
}
475
fprintf(stderr, "Binding to interface %s\n", interface);
1275
476
}
1276
477
1277
ret = init_gnutls_session(&session, mc);
1278
if(ret != 0){
478
memset(&to, 0, sizeof(to));
479
to.in6.sin6_family = AF_INET6;
480
/* It would be nice to have a way to detect if we were passed an
481
IPv4 address here. Now we assume an IPv6 address. */
482
ret = inet_pton(AF_INET6, ip, &to.in6.sin6_addr);
483
if (ret < 0 ){
484
perror("inet_pton");
1279
485
return -1;
1280
486
}
1281
1282
if(debug){
1283
fprintf_plus(stderr, "Setting up a TCP connection to %s, port %"
1284
PRIuMAX "\n", ip, (uintmax_t)port);
1285
}
1286
1287
tcp_sd = socket(pf, SOCK_STREAM | SOCK_CLOEXEC, 0);
1288
if(tcp_sd < 0){
1289
int e = errno;
1290
perror_plus("socket");
1291
errno = e;
1292
goto mandos_end;
1293
}
1294
1295
if(quit_now){
1296
errno = EINTR;
1297
goto mandos_end;
1298
}
1299
1300
if(af == AF_INET6){
1301
struct sockaddr_in6 *to6 = (struct sockaddr_in6 *)&to;
1302
*to6 = (struct sockaddr_in6){ .sin6_family = (sa_family_t)af };
1303
ret = inet_pton(af, ip, &to6->sin6_addr);
1304
} else { /* IPv4 */
1305
struct sockaddr_in *to4 = (struct sockaddr_in *)&to;
1306
*to4 = (struct sockaddr_in){ .sin_family = (sa_family_t)af };
1307
ret = inet_pton(af, ip, &to4->sin_addr);
1308
}
1309
if(ret < 0 ){
1310
int e = errno;
1311
perror_plus("inet_pton");
1312
errno = e;
1313
goto mandos_end;
1314
}
1315
487
if(ret == 0){
1316
int e = errno;
1317
fprintf_plus(stderr, "Bad address: %s\n", ip);
1318
errno = e;
1319
goto mandos_end;
1320
}
1321
if(af == AF_INET6){
1322
((struct sockaddr_in6 *)&to)->sin6_port = htons(port);
1323
if(IN6_IS_ADDR_LINKLOCAL
1324
(&((struct sockaddr_in6 *)&to)->sin6_addr)){
1325
if(if_index == AVAHI_IF_UNSPEC){
1326
fprintf_plus(stderr, "An IPv6 link-local address is"
1327
" incomplete without a network interface\n");
1328
errno = EINVAL;
1329
goto mandos_end;
1330
}
1331
/* Set the network interface number as scope */
1332
((struct sockaddr_in6 *)&to)->sin6_scope_id = (uint32_t)if_index;
1333
}
1334
} else {
1335
((struct sockaddr_in *)&to)->sin_port = htons(port);
1336
}
488
fprintf(stderr, "Bad address: %s\n", ip);
489
return -1;
490
}
491
to.in6.sin6_port = htons(port); /* Spurious warning */
1337
492
1338
if(quit_now){
1339
errno = EINTR;
1340
goto mandos_end;
1341
}
493
to.in6.sin6_scope_id = (uint32_t)if_index;
1342
494
1343
495
if(debug){
1344
if(af == AF_INET6 and if_index != AVAHI_IF_UNSPEC){
1345
char interface[IF_NAMESIZE];
1346
if(if_indextoname((unsigned int)if_index, interface) == NULL){
1347
perror_plus("if_indextoname");
1348
} else {
1349
fprintf_plus(stderr, "Connection to: %s%%%s, port %" PRIuMAX
1350
"\n", ip, interface, (uintmax_t)port);
1351
}
1352
} else {
1353
fprintf_plus(stderr, "Connection to: %s, port %" PRIuMAX "\n",
1354
ip, (uintmax_t)port);
1355
}
1356
char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
1357
INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
1358
if(af == AF_INET6){
1359
ret = getnameinfo((struct sockaddr *)&to,
1360
sizeof(struct sockaddr_in6),
1361
addrstr, sizeof(addrstr), NULL, 0,
1362
NI_NUMERICHOST);
1363
} else {
1364
ret = getnameinfo((struct sockaddr *)&to,
1365
sizeof(struct sockaddr_in),
1366
addrstr, sizeof(addrstr), NULL, 0,
1367
NI_NUMERICHOST);
1368
}
1369
if(ret == EAI_SYSTEM){
1370
perror_plus("getnameinfo");
1371
} else if(ret != 0) {
1372
fprintf_plus(stderr, "getnameinfo: %s", gai_strerror(ret));
1373
} else if(strcmp(addrstr, ip) != 0){
1374
fprintf_plus(stderr, "Canonical address form: %s\n", addrstr);
1375
}
1376
}
1377
1378
if(quit_now){
1379
errno = EINTR;
1380
goto mandos_end;
1381
}
1382
1383
while(true){
1384
if(af == AF_INET6){
1385
ret = connect(tcp_sd, (struct sockaddr *)&to,
1386
sizeof(struct sockaddr_in6));
1387
} else {
1388
ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
1389
sizeof(struct sockaddr_in));
1390
}
1391
if(ret < 0){
1392
if(((errno == ENETUNREACH) or (errno == EHOSTUNREACH))
1393
and if_index != AVAHI_IF_UNSPEC
1394
and connect_to == NULL
1395
and not route_added and
1396
((af == AF_INET6 and not
1397
IN6_IS_ADDR_LINKLOCAL(&(((struct sockaddr_in6 *)
1398
&to)->sin6_addr)))
1399
or (af == AF_INET and
1400
/* Not a a IPv4LL address */
1401
(ntohl(((struct sockaddr_in *)&to)->sin_addr.s_addr)
1402
& 0xFFFF0000L) != 0xA9FE0000L))){
1403
/* Work around Avahi bug - Avahi does not announce link-local
1404
addresses if it has a global address, so local hosts with
1405
*only* a link-local address (e.g. Mandos clients) cannot
1406
connect to a Mandos server announced by Avahi on a server
1407
host with a global address. Work around this by retrying
1408
with an explicit route added with the server's address.
1409
1410
Avahi bug reference:
1411
https://lists.freedesktop.org/archives/avahi/2010-February/001833.html
1412
https://bugs.debian.org/587961
1413
*/
1414
if(debug){
1415
fprintf_plus(stderr, "Mandos server unreachable, trying"
1416
" direct route\n");
1417
}
1418
int e = errno;
1419
route_added = add_local_route(ip, if_index);
1420
if(route_added){
1421
continue;
1422
}
1423
errno = e;
1424
}
1425
if(errno != ECONNREFUSED or debug){
1426
int e = errno;
1427
perror_plus("connect");
1428
errno = e;
1429
}
1430
goto mandos_end;
1431
}
1432
1433
if(quit_now){
1434
errno = EINTR;
1435
goto mandos_end;
1436
}
1437
break;
1438
}
1439
496
fprintf(stderr, "Connection to: %s, port %" PRIu16 "\n", ip,
497
port);
498
char addrstr[INET6_ADDRSTRLEN] = "";
499
if(inet_ntop(to.in6.sin6_family, &(to.in6.sin6_addr), addrstr,
500
sizeof(addrstr)) == NULL){
501
perror("inet_ntop");
502
} else {
503
if(strcmp(addrstr, ip) != 0){
504
fprintf(stderr, "Canonical address form: %s\n", addrstr);
505
}
506
}
507
}
508
509
ret = connect(tcp_sd, &to.in, sizeof(to));
510
if (ret < 0){
511
perror("connect");
512
return -1;
513
}
514
1440
515
const char *out = mandos_protocol_version;
1441
516
written = 0;
1442
while(true){
517
while (true){
1443
518
size_t out_size = strlen(out);
1444
ret = (int)TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
1445
out_size - written));
1446
if(ret == -1){
1447
int e = errno;
1448
perror_plus("write");
1449
errno = e;
519
ret = TEMP_FAILURE_RETRY(write(tcp_sd, out + written,
520
out_size - written));
521
if (ret == -1){
522
perror("write");
523
retval = -1;
1450
524
goto mandos_end;
1451
525
}
1452
526
written += (size_t)ret;
1453
527
if(written < out_size){
1454
528
continue;
1455
529
} else {
1456
if(out == mandos_protocol_version){
530
if (out == mandos_protocol_version){
1457
531
written = 0;
1458
532
out = "\r\n";
1459
533
} else {
1460
534
break;
1461
535
}
1462
536
}
1463
1464
if(quit_now){
1465
errno = EINTR;
1466
goto mandos_end;
1467
}
1468
537
}
1469
538
1470
539
if(debug){
1471
fprintf_plus(stderr, "Establishing TLS session with %s\n", ip);
1472
}
1473
1474
if(quit_now){
1475
errno = EINTR;
1476
goto mandos_end;
1477
}
1478
1479
/* This casting via intptr_t is to eliminate warning about casting
1480
an int to a pointer type. This is exactly how the GnuTLS Guile
1481
function "set-session-transport-fd!" does it. */
1482
gnutls_transport_set_ptr(session,
1483
(gnutls_transport_ptr_t)(intptr_t)tcp_sd);
1484
1485
if(quit_now){
1486
errno = EINTR;
1487
goto mandos_end;
1488
}
1489
1490
do {
1491
ret = gnutls_handshake(session);
1492
if(quit_now){
1493
errno = EINTR;
1494
goto mandos_end;
1495
}
540
fprintf(stderr, "Establishing TLS session with %s\n", ip);
541
}
542
543
gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) tcp_sd);
544
545
do{
546
ret = gnutls_handshake (session);
1496
547
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1497
548
1498
if(ret != GNUTLS_E_SUCCESS){
549
if (ret != GNUTLS_E_SUCCESS){
1499
550
if(debug){
1500
fprintf_plus(stderr, "*** GnuTLS Handshake failed ***\n");
1501
gnutls_perror(ret);
551
fprintf(stderr, "*** GnuTLS Handshake failed ***\n");
552
gnutls_perror (ret);
1502
553
}
1503
errno = EPROTO;
554
retval = -1;
1504
555
goto mandos_end;
1505
556
}
1506
557
1507
558
/* Read OpenPGP packet that contains the wanted password */
1508
559
1509
560
if(debug){
1510
fprintf_plus(stderr, "Retrieving OpenPGP encrypted password from"
1511
" %s\n", ip);
561
fprintf(stderr, "Retrieving pgp encrypted password from %s\n",
562
ip);
1512
563
}
1513
564
1514
565
while(true){
1515
1516
if(quit_now){
1517
errno = EINTR;
1518
goto mandos_end;
1519
}
1520
1521
buffer_capacity = incbuffer(&buffer, buffer_length,
1522
buffer_capacity);
1523
if(buffer_capacity == 0){
1524
int e = errno;
1525
perror_plus("incbuffer");
1526
errno = e;
1527
goto mandos_end;
1528
}
1529
1530
if(quit_now){
1531
errno = EINTR;
1532
goto mandos_end;
1533
}
1534
1535
sret = gnutls_record_recv(session, buffer+buffer_length,
1536
BUFFER_SIZE);
1537
if(sret == 0){
566
buffer_capacity = adjustbuffer(&buffer, buffer_length,
567
buffer_capacity);
568
if (buffer_capacity == 0){
569
perror("adjustbuffer");
570
retval = -1;
571
goto mandos_end;
572
}
573
574
ret = gnutls_record_recv(session, buffer+buffer_length,
575
BUFFER_SIZE);
576
if (ret == 0){
1538
577
break;
1539
578
}
1540
if(sret < 0){
1541
switch(sret){
579
if (ret < 0){
580
switch(ret){
1542
581
case GNUTLS_E_INTERRUPTED:
1543
582
case GNUTLS_E_AGAIN:
1544
583
break;
1545
584
case GNUTLS_E_REHANDSHAKE:
1546
do {
1547
ret = gnutls_handshake(session);
1548
1549
if(quit_now){
1550
errno = EINTR;
1551
goto mandos_end;
1552
}
585
do{
586
ret = gnutls_handshake (session);
1553
587
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1554
if(ret < 0){
1555
fprintf_plus(stderr, "*** GnuTLS Re-handshake failed "
1556
"***\n");
1557
gnutls_perror(ret);
1558
errno = EPROTO;
588
if (ret < 0){
589
fprintf(stderr, "*** GnuTLS Re-handshake failed ***\n");
590
gnutls_perror (ret);
591
retval = -1;
1559
592
goto mandos_end;
1560
593
}
1561
594
break;
1562
595
default:
1563
fprintf_plus(stderr, "Unknown error while reading data from"
1564
" encrypted session with Mandos server\n");
1565
gnutls_bye(session, GNUTLS_SHUT_RDWR);
1566
errno = EIO;
596
fprintf(stderr, "Unknown error while reading data from"
597
" encrypted session with Mandos server\n");
598
retval = -1;
599
gnutls_bye (session, GNUTLS_SHUT_RDWR);
1567
600
goto mandos_end;
1568
601
}
1569
602
} else {
1570
buffer_length += (size_t) sret;
603
buffer_length += (size_t) ret;
1571
604
}
1572
605
}
1573
606
1574
607
if(debug){
1575
fprintf_plus(stderr, "Closing TLS session\n");
1576
}
1577
1578
if(quit_now){
1579
errno = EINTR;
1580
goto mandos_end;
1581
}
1582
1583
do {
1584
ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
1585
if(quit_now){
1586
errno = EINTR;
1587
goto mandos_end;
1588
}
1589
} while(ret == GNUTLS_E_AGAIN or ret == GNUTLS_E_INTERRUPTED);
1590
1591
if(buffer_length > 0){
1592
ssize_t decrypted_buffer_size;
1593
decrypted_buffer_size = pgp_packet_decrypt(buffer, buffer_length,
1594
&decrypted_buffer, mc);
1595
if(decrypted_buffer_size >= 0){
1596
1597
clearerr(stdout);
608
fprintf(stderr, "Closing TLS session\n");
609
}
610
611
gnutls_bye (session, GNUTLS_SHUT_RDWR);
612
613
if (buffer_length > 0){
614
decrypted_buffer_size = pgp_packet_decrypt(buffer,
615
buffer_length,
616
&decrypted_buffer,
617
keydir);
618
if (decrypted_buffer_size >= 0){
1598
619
written = 0;
1599
620
while(written < (size_t) decrypted_buffer_size){
1600
if(quit_now){
1601
errno = EINTR;
1602
goto mandos_end;
1603
}
1604
1605
ret = (int)fwrite(decrypted_buffer + written, 1,
1606
(size_t)decrypted_buffer_size - written,
1607
stdout);
621
ret = (int)fwrite (decrypted_buffer + written, 1,
622
(size_t)decrypted_buffer_size - written,
623
stdout);
1608
624
if(ret == 0 and ferror(stdout)){
1609
int e = errno;
1610
625
if(debug){
1611
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1612
strerror(errno));
626
fprintf(stderr, "Error writing encrypted data: %s\n",
627
strerror(errno));
1613
628
}
1614
errno = e;
1615
goto mandos_end;
629
retval = -1;
630
break;
1616
631
}
1617
632
written += (size_t)ret;
1618
633
}
1619
ret = fflush(stdout);
1620
if(ret != 0){
1621
int e = errno;
1622
if(debug){
1623
fprintf_plus(stderr, "Error writing encrypted data: %s\n",
1624
strerror(errno));
1625
}
1626
errno = e;
1627
goto mandos_end;
1628
}
1629
retval = 0;
634
free(decrypted_buffer);
635
} else {
636
retval = -1;
1630
637
}
638
} else {
639
retval = -1;
1631
640
}
1632
641
1633
642
/* Shutdown procedure */
1634
643
1635
644
mandos_end:
1636
{
1637
if(route_added){
1638
if(not delete_local_route(ip, if_index)){
1639
fprintf_plus(stderr, "Failed to delete local route to %s on"
1640
" interface %d", ip, if_index);
1641
}
1642
}
1643
int e = errno;
1644
free(decrypted_buffer);
1645
free(buffer);
1646
if(tcp_sd >= 0){
1647
ret = close(tcp_sd);
1648
}
1649
if(ret == -1){
1650
if(e == 0){
1651
e = errno;
1652
}
1653
perror_plus("close");
1654
}
1655
gnutls_deinit(session);
1656
errno = e;
1657
if(quit_now){
1658
errno = EINTR;
1659
retval = -1;
1660
}
1661
}
645
free(buffer);
646
close(tcp_sd);
647
gnutls_deinit (session);
1662
648
return retval;
1663
649
}
1664
650
1665
651
static void resolve_callback(AvahiSServiceResolver *r,
1666
652
AvahiIfIndex interface,
1667
AvahiProtocol proto,
653
AVAHI_GCC_UNUSED AvahiProtocol protocol,
1668
654
AvahiResolverEvent event,
1669
655
const char *name,
1670
656
const char *type,
1675
661
AVAHI_GCC_UNUSED AvahiStringList *txt,
1676
662
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1677
663
flags,
1678
void *mc){
1679
if(r == NULL){
1680
return;
1681
}
664
void* userdata) {
665
mandos_context *mc = userdata;
666
assert(r);
1682
667
1683
668
/* Called whenever a service has been resolved successfully or
1684
669
timed out */
1685
670
1686
if(quit_now){
1687
avahi_s_service_resolver_free(r);
1688
return;
1689
}
1690
1691
switch(event){
671
switch (event) {
1692
672
default:
1693
673
case AVAHI_RESOLVER_FAILURE:
1694
fprintf_plus(stderr, "(Avahi Resolver) Failed to resolve service "
1695
"'%s' of type '%s' in domain '%s': %s\n", name, type,
1696
domain,
1697
avahi_strerror(avahi_server_errno
1698
(((mandos_context*)mc)->server)));
674
fprintf(stderr, "(Avahi Resolver) Failed to resolve service '%s'"
675
" of type '%s' in domain '%s': %s\n", name, type, domain,
676
avahi_strerror(avahi_server_errno(mc->server)));
1699
677
break;
1700
678
1701
679
case AVAHI_RESOLVER_FOUND:
1703
681
char ip[AVAHI_ADDRESS_STR_MAX];
1704
682
avahi_address_snprint(ip, sizeof(ip), address);
1705
683
if(debug){
1706
fprintf_plus(stderr, "Mandos server \"%s\" found on %s (%s, %"
1707
PRIdMAX ") on port %" PRIu16 "\n", name,
1708
host_name, ip, (intmax_t)interface, port);
684
fprintf(stderr, "Mandos server \"%s\" found on %s (%s, %"
685
PRIu16 ") on port %d\n", name, host_name, ip,
686
interface, port);
1709
687
}
1710
int ret = start_mandos_communication(ip, (in_port_t)port,
1711
interface,
1712
avahi_proto_to_af(proto),
1713
mc);
1714
if(ret == 0){
1715
avahi_simple_poll_quit(simple_poll);
1716
} else {
1717
if(not add_server(ip, (in_port_t)port, interface,
1718
avahi_proto_to_af(proto),
1719
&((mandos_context*)mc)->current_server)){
1720
fprintf_plus(stderr, "Failed to add server \"%s\" to server"
1721
" list\n", name);
1722
}
688
int ret = start_mandos_communication(ip, port, interface, mc);
689
if (ret == 0){
690
avahi_simple_poll_quit(mc->simple_poll);
1723
691
}
1724
692
}
1725
693
}
1726
694
avahi_s_service_resolver_free(r);
1727
695
}
1728
696
1729
static void browse_callback(AvahiSServiceBrowser *b,
1730
AvahiIfIndex interface,
1731
AvahiProtocol protocol,
1732
AvahiBrowserEvent event,
1733
const char *name,
1734
const char *type,
1735
const char *domain,
1736
AVAHI_GCC_UNUSED AvahiLookupResultFlags
1737
flags,
1738
void *mc){
1739
if(b == NULL){
1740
return;
1741
}
697
static void browse_callback( AvahiSServiceBrowser *b,
698
AvahiIfIndex interface,
699
AvahiProtocol protocol,
700
AvahiBrowserEvent event,
701
const char *name,
702
const char *type,
703
const char *domain,
704
AVAHI_GCC_UNUSED AvahiLookupResultFlags
705
flags,
706
void* userdata) {
707
mandos_context *mc = userdata;
708
assert(b);
1742
709
1743
710
/* Called whenever a new services becomes available on the LAN or
1744
711
is removed from the LAN */
1745
712
1746
if(quit_now){
1747
return;
1748
}
1749
1750
switch(event){
713
switch (event) {
1751
714
default:
1752
715
case AVAHI_BROWSER_FAILURE:
1753
716
1754
fprintf_plus(stderr, "(Avahi browser) %s\n",
1755
avahi_strerror(avahi_server_errno
1756
(((mandos_context*)mc)->server)));
1757
avahi_simple_poll_quit(simple_poll);
717
fprintf(stderr, "(Avahi browser) %s\n",
718
avahi_strerror(avahi_server_errno(mc->server)));
719
avahi_simple_poll_quit(mc->simple_poll);
1758
720
return;
1759
721
1760
722
case AVAHI_BROWSER_NEW:
1763
725
the callback function is called the Avahi server will free the
1764
726
resolver for us. */
1765
727
1766
if(avahi_s_service_resolver_new(((mandos_context*)mc)->server,
1767
interface, protocol, name, type,
1768
domain, protocol, 0,
1769
resolve_callback, mc) == NULL)
1770
fprintf_plus(stderr, "Avahi: Failed to resolve service '%s':"
1771
" %s\n", name,
1772
avahi_strerror(avahi_server_errno
1773
(((mandos_context*)mc)->server)));
728
if (!(avahi_s_service_resolver_new(mc->server, interface,
729
protocol, name, type, domain,
730
AVAHI_PROTO_INET6, 0,
731
resolve_callback, mc)))
732
fprintf(stderr, "Avahi: Failed to resolve service '%s': %s\n",
733
name, avahi_strerror(avahi_server_errno(mc->server)));
1774
734
break;
1775
735
1776
736
case AVAHI_BROWSER_REMOVE:
1779
739
case AVAHI_BROWSER_ALL_FOR_NOW:
1780
740
case AVAHI_BROWSER_CACHE_EXHAUSTED:
1781
741
if(debug){
1782
fprintf_plus(stderr, "No Mandos server found, still"
1783
" searching...\n");
742
fprintf(stderr, "No Mandos server found, still searching...\n");
1784
743
}
1785
744
break;
1786
745
}
1787
746
}
1788
747
1789
/* Signal handler that stops main loop after SIGTERM */
1790
static void handle_sigterm(int sig){
1791
if(quit_now){
1792
return;
1793
}
1794
quit_now = 1;
1795
signal_received = sig;
1796
int old_errno = errno;
1797
/* set main loop to exit */
1798
if(simple_poll != NULL){
1799
avahi_simple_poll_quit(simple_poll);
1800
}
1801
errno = old_errno;
1802
}
1803
1804
__attribute__((nonnull, warn_unused_result))
1805
bool get_flags(const char *ifname, struct ifreq *ifr){
1806
int ret;
1807
int old_errno;
1808
1809
int s = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
1810
if(s < 0){
1811
old_errno = errno;
1812
perror_plus("socket");
1813
errno = old_errno;
1814
return false;
1815
}
1816
strncpy(ifr->ifr_name, ifname, IF_NAMESIZE);
1817
ifr->ifr_name[IF_NAMESIZE-1] = '\0'; /* NUL terminate */
1818
ret = ioctl(s, SIOCGIFFLAGS, ifr);
1819
if(ret == -1){
1820
if(debug){
1821
old_errno = errno;
1822
perror_plus("ioctl SIOCGIFFLAGS");
1823
errno = old_errno;
1824
}
1825
if((close(s) == -1) and debug){
1826
old_errno = errno;
1827
perror_plus("close");
1828
errno = old_errno;
1829
}
1830
return false;
1831
}
1832
if((close(s) == -1) and debug){
1833
old_errno = errno;
1834
perror_plus("close");
1835
errno = old_errno;
1836
}
1837
return true;
1838
}
1839
1840
__attribute__((nonnull, warn_unused_result))
1841
bool good_flags(const char *ifname, const struct ifreq *ifr){
1842
1843
/* Reject the loopback device */
1844
if(ifr->ifr_flags & IFF_LOOPBACK){
1845
if(debug){
1846
fprintf_plus(stderr, "Rejecting loopback interface \"%s\"\n",
1847
ifname);
1848
}
1849
return false;
1850
}
1851
/* Accept point-to-point devices only if connect_to is specified */
1852
if(connect_to != NULL and (ifr->ifr_flags & IFF_POINTOPOINT)){
1853
if(debug){
1854
fprintf_plus(stderr, "Accepting point-to-point interface"
1855
" \"%s\"\n", ifname);
1856
}
1857
return true;
1858
}
1859
/* Otherwise, reject non-broadcast-capable devices */
1860
if(not (ifr->ifr_flags & IFF_BROADCAST)){
1861
if(debug){
1862
fprintf_plus(stderr, "Rejecting non-broadcast interface"
1863
" \"%s\"\n", ifname);
1864
}
1865
return false;
1866
}
1867
/* Reject non-ARP interfaces (including dummy interfaces) */
1868
if(ifr->ifr_flags & IFF_NOARP){
1869
if(debug){
1870
fprintf_plus(stderr, "Rejecting non-ARP interface \"%s\"\n",
1871
ifname);
1872
}
1873
return false;
1874
}
1875
1876
/* Accept this device */
1877
if(debug){
1878
fprintf_plus(stderr, "Interface \"%s\" is good\n", ifname);
1879
}
1880
return true;
1881
}
1882
1883
/*
1884
* This function determines if a directory entry in /sys/class/net
1885
* corresponds to an acceptable network device.
1886
* (This function is passed to scandir(3) as a filter function.)
1887
*/
1888
__attribute__((nonnull, warn_unused_result))
1889
int good_interface(const struct dirent *if_entry){
1890
if(if_entry->d_name[0] == '.'){
1891
return 0;
1892
}
1893
1894
struct ifreq ifr;
1895
if(not get_flags(if_entry->d_name, &ifr)){
1896
if(debug){
1897
fprintf_plus(stderr, "Failed to get flags for interface "
1898
"\"%s\"\n", if_entry->d_name);
1899
}
1900
return 0;
1901
}
1902
1903
if(not good_flags(if_entry->d_name, &ifr)){
1904
return 0;
1905
}
1906
return 1;
1907
}
1908
1909
/*
1910
* This function determines if a network interface is up.
1911
*/
1912
__attribute__((nonnull, warn_unused_result))
1913
bool interface_is_up(const char *interface){
1914
struct ifreq ifr;
1915
if(not get_flags(interface, &ifr)){
1916
if(debug){
1917
fprintf_plus(stderr, "Failed to get flags for interface "
1918
"\"%s\"\n", interface);
1919
}
1920
return false;
1921
}
1922
1923
return (bool)(ifr.ifr_flags & IFF_UP);
1924
}
1925
1926
/*
1927
* This function determines if a network interface is running
1928
*/
1929
__attribute__((nonnull, warn_unused_result))
1930
bool interface_is_running(const char *interface){
1931
struct ifreq ifr;
1932
if(not get_flags(interface, &ifr)){
1933
if(debug){
1934
fprintf_plus(stderr, "Failed to get flags for interface "
1935
"\"%s\"\n", interface);
1936
}
1937
return false;
1938
}
1939
1940
return (bool)(ifr.ifr_flags & IFF_RUNNING);
1941
}
1942
1943
__attribute__((nonnull, pure, warn_unused_result))
1944
int notdotentries(const struct dirent *direntry){
1945
/* Skip "." and ".." */
1946
if(direntry->d_name[0] == '.'
1947
and (direntry->d_name[1] == '\0'
1948
or (direntry->d_name[1] == '.'
1949
and direntry->d_name[2] == '\0'))){
1950
return 0;
1951
}
1952
return 1;
1953
}
1954
1955
/* Is this directory entry a runnable program? */
1956
__attribute__((nonnull, warn_unused_result))
1957
int runnable_hook(const struct dirent *direntry){
1958
int ret;
1959
size_t sret;
1960
struct stat st;
1961
1962
if((direntry->d_name)[0] == '\0'){
1963
/* Empty name? */
1964
return 0;
1965
}
1966
1967
sret = strspn(direntry->d_name, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
1968
"abcdefghijklmnopqrstuvwxyz"
1969
"0123456789"
1970
"_.-");
1971
if((direntry->d_name)[sret] != '\0'){
1972
/* Contains non-allowed characters */
1973
if(debug){
1974
fprintf_plus(stderr, "Ignoring hook \"%s\" with bad name\n",
1975
direntry->d_name);
1976
}
1977
return 0;
1978
}
1979
1980
ret = fstatat(hookdir_fd, direntry->d_name, &st, 0);
1981
if(ret == -1){
1982
if(debug){
1983
perror_plus("Could not stat hook");
1984
}
1985
return 0;
1986
}
1987
if(not (S_ISREG(st.st_mode))){
1988
/* Not a regular file */
1989
if(debug){
1990
fprintf_plus(stderr, "Ignoring hook \"%s\" - not a file\n",
1991
direntry->d_name);
1992
}
1993
return 0;
1994
}
1995
if(not (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))){
1996
/* Not executable */
1997
if(debug){
1998
fprintf_plus(stderr, "Ignoring hook \"%s\" - not executable\n",
1999
direntry->d_name);
2000
}
2001
return 0;
2002
}
2003
if(debug){
2004
fprintf_plus(stderr, "Hook \"%s\" is acceptable\n",
2005
direntry->d_name);
2006
}
2007
return 1;
2008
}
2009
2010
__attribute__((nonnull, warn_unused_result))
2011
int avahi_loop_with_timeout(AvahiSimplePoll *s, int retry_interval,
2012
mandos_context *mc){
2013
int ret;
2014
struct timespec now;
2015
struct timespec waited_time;
2016
intmax_t block_time;
2017
2018
while(true){
2019
if(mc->current_server == NULL){
2020
if(debug){
2021
fprintf_plus(stderr, "Wait until first server is found."
2022
" No timeout!\n");
2023
}
2024
ret = avahi_simple_poll_iterate(s, -1);
2025
} else {
2026
if(debug){
2027
fprintf_plus(stderr, "Check current_server if we should run"
2028
" it, or wait\n");
2029
}
2030
/* the current time */
2031
ret = clock_gettime(CLOCK_MONOTONIC, &now);
2032
if(ret == -1){
2033
perror_plus("clock_gettime");
2034
return -1;
2035
}
2036
/* Calculating in ms how long time between now and server
2037
who we visted longest time ago. Now - last seen. */
2038
waited_time.tv_sec = (now.tv_sec
2039
- mc->current_server->last_seen.tv_sec);
2040
waited_time.tv_nsec = (now.tv_nsec
2041
- mc->current_server->last_seen.tv_nsec);
2042
/* total time is 10s/10,000ms.
2043
Converting to s from ms by dividing by 1,000,
2044
and ns to ms by dividing by 1,000,000. */
2045
block_time = ((retry_interval
2046
- ((intmax_t)waited_time.tv_sec * 1000))
2047
- ((intmax_t)waited_time.tv_nsec / 1000000));
2048
2049
if(debug){
2050
fprintf_plus(stderr, "Blocking for %" PRIdMAX " ms\n",
2051
block_time);
2052
}
2053
2054
if(block_time <= 0){
2055
ret = start_mandos_communication(mc->current_server->ip,
2056
mc->current_server->port,
2057
mc->current_server->if_index,
2058
mc->current_server->af, mc);
2059
if(ret == 0){
2060
avahi_simple_poll_quit(s);
2061
return 0;
2062
}
2063
ret = clock_gettime(CLOCK_MONOTONIC,
2064
&mc->current_server->last_seen);
2065
if(ret == -1){
2066
perror_plus("clock_gettime");
2067
return -1;
2068
}
2069
mc->current_server = mc->current_server->next;
2070
block_time = 0; /* Call avahi to find new Mandos
2071
servers, but don't block */
2072
}
2073
2074
ret = avahi_simple_poll_iterate(s, (int)block_time);
2075
}
2076
if(ret != 0){
2077
if(ret > 0 or errno != EINTR){
2078
return (ret != 1) ? ret : 0;
2079
}
2080
}
2081
}
2082
}
2083
2084
__attribute__((nonnull))
2085
void run_network_hooks(const char *mode, const char *interface,
2086
const float delay){
2087
struct dirent **direntries = NULL;
2088
if(hookdir_fd == -1){
2089
hookdir_fd = open(hookdir, O_RDONLY | O_DIRECTORY | O_PATH
2090
| O_CLOEXEC);
2091
if(hookdir_fd == -1){
2092
if(errno == ENOENT){
2093
if(debug){
2094
fprintf_plus(stderr, "Network hook directory \"%s\" not"
2095
" found\n", hookdir);
2096
}
2097
} else {
2098
perror_plus("open");
2099
}
2100
return;
2101
}
2102
}
2103
int devnull = (int)TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY));
2104
if(devnull == -1){
2105
perror_plus("open(\"/dev/null\", O_RDONLY)");
2106
return;
2107
}
2108
int numhooks = scandirat(hookdir_fd, ".", &direntries,
2109
runnable_hook, alphasort);
2110
if(numhooks == -1){
2111
perror_plus("scandir");
2112
close(devnull);
2113
return;
2114
}
2115
struct dirent *direntry;
2116
int ret;
2117
for(int i = 0; i < numhooks; i++){
2118
direntry = direntries[i];
2119
if(debug){
2120
fprintf_plus(stderr, "Running network hook \"%s\"\n",
2121
direntry->d_name);
2122
}
2123
pid_t hook_pid = fork();
2124
if(hook_pid == 0){
2125
/* Child */
2126
/* Raise privileges */
2127
errno = raise_privileges_permanently();
2128
if(errno != 0){
2129
perror_plus("Failed to raise privileges");
2130
_exit(EX_NOPERM);
2131
}
2132
/* Set group */
2133
errno = 0;
2134
ret = setgid(0);
2135
if(ret == -1){
2136
perror_plus("setgid");
2137
_exit(EX_NOPERM);
2138
}
2139
/* Reset supplementary groups */
2140
errno = 0;
2141
ret = setgroups(0, NULL);
2142
if(ret == -1){
2143
perror_plus("setgroups");
2144
_exit(EX_NOPERM);
2145
}
2146
ret = setenv("MANDOSNETHOOKDIR", hookdir, 1);
2147
if(ret == -1){
2148
perror_plus("setenv");
2149
_exit(EX_OSERR);
2150
}
2151
ret = setenv("DEVICE", interface, 1);
2152
if(ret == -1){
2153
perror_plus("setenv");
2154
_exit(EX_OSERR);
2155
}
2156
ret = setenv("VERBOSITY", debug ? "1" : "0", 1);
2157
if(ret == -1){
2158
perror_plus("setenv");
2159
_exit(EX_OSERR);
2160
}
2161
ret = setenv("MODE", mode, 1);
2162
if(ret == -1){
2163
perror_plus("setenv");
2164
_exit(EX_OSERR);
2165
}
2166
char *delaystring;
2167
ret = asprintf(&delaystring, "%f", (double)delay);
2168
if(ret == -1){
2169
perror_plus("asprintf");
2170
_exit(EX_OSERR);
2171
}
2172
ret = setenv("DELAY", delaystring, 1);
2173
if(ret == -1){
2174
free(delaystring);
2175
perror_plus("setenv");
2176
_exit(EX_OSERR);
2177
}
2178
free(delaystring);
2179
if(connect_to != NULL){
2180
ret = setenv("CONNECT", connect_to, 1);
2181
if(ret == -1){
2182
perror_plus("setenv");
2183
_exit(EX_OSERR);
2184
}
2185
}
2186
int hook_fd = (int)TEMP_FAILURE_RETRY(openat(hookdir_fd,
2187
direntry->d_name,
2188
O_RDONLY));
2189
if(hook_fd == -1){
2190
perror_plus("openat");
2191
_exit(EXIT_FAILURE);
2192
}
2193
if(close(hookdir_fd) == -1){
2194
perror_plus("close");
2195
_exit(EXIT_FAILURE);
2196
}
2197
ret = dup2(devnull, STDIN_FILENO);
2198
if(ret == -1){
2199
perror_plus("dup2(devnull, STDIN_FILENO)");
2200
_exit(EX_OSERR);
2201
}
2202
ret = close(devnull);
2203
if(ret == -1){
2204
perror_plus("close");
2205
_exit(EX_OSERR);
2206
}
2207
ret = dup2(STDERR_FILENO, STDOUT_FILENO);
2208
if(ret == -1){
2209
perror_plus("dup2(STDERR_FILENO, STDOUT_FILENO)");
2210
_exit(EX_OSERR);
2211
}
2212
if(fexecve(hook_fd, (char *const []){ direntry->d_name, NULL },
2213
environ) == -1){
2214
perror_plus("fexecve");
2215
_exit(EXIT_FAILURE);
2216
}
2217
} else {
2218
if(hook_pid == -1){
2219
perror_plus("fork");
2220
free(direntry);
2221
continue;
2222
}
2223
int status;
2224
if(TEMP_FAILURE_RETRY(waitpid(hook_pid, &status, 0)) == -1){
2225
perror_plus("waitpid");
2226
free(direntry);
2227
continue;
2228
}
2229
if(WIFEXITED(status)){
2230
if(WEXITSTATUS(status) != 0){
2231
fprintf_plus(stderr, "Warning: network hook \"%s\" exited"
2232
" with status %d\n", direntry->d_name,
2233
WEXITSTATUS(status));
2234
free(direntry);
2235
continue;
2236
}
2237
} else if(WIFSIGNALED(status)){
2238
fprintf_plus(stderr, "Warning: network hook \"%s\" died by"
2239
" signal %d\n", direntry->d_name,
2240
WTERMSIG(status));
2241
free(direntry);
2242
continue;
2243
} else {
2244
fprintf_plus(stderr, "Warning: network hook \"%s\""
2245
" crashed\n", direntry->d_name);
2246
free(direntry);
2247
continue;
2248
}
2249
}
2250
if(debug){
2251
fprintf_plus(stderr, "Network hook \"%s\" ran successfully\n",
2252
direntry->d_name);
2253
}
2254
free(direntry);
2255
}
2256
free(direntries);
2257
if(close(hookdir_fd) == -1){
2258
perror_plus("close");
2259
} else {
2260
hookdir_fd = -1;
2261
}
2262
close(devnull);
2263
}
2264
2265
__attribute__((nonnull, warn_unused_result))
2266
int bring_up_interface(const char *const interface,
2267
const float delay){
2268
int old_errno = errno;
2269
int ret;
2270
struct ifreq network;
2271
unsigned int if_index = if_nametoindex(interface);
2272
if(if_index == 0){
2273
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2274
errno = old_errno;
2275
return ENXIO;
2276
}
2277
2278
if(quit_now){
2279
errno = old_errno;
2280
return EINTR;
2281
}
2282
2283
if(not interface_is_up(interface)){
2284
int ret_errno = 0;
2285
int ioctl_errno = 0;
2286
if(not get_flags(interface, &network)){
2287
ret_errno = errno;
2288
fprintf_plus(stderr, "Failed to get flags for interface "
2289
"\"%s\"\n", interface);
2290
errno = old_errno;
2291
return ret_errno;
2292
}
2293
network.ifr_flags |= IFF_UP; /* set flag */
2294
2295
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2296
if(sd == -1){
2297
ret_errno = errno;
2298
perror_plus("socket");
2299
errno = old_errno;
2300
return ret_errno;
2301
}
2302
2303
if(quit_now){
2304
ret = close(sd);
2305
if(ret == -1){
2306
perror_plus("close");
2307
}
2308
errno = old_errno;
2309
return EINTR;
2310
}
2311
2312
if(debug){
2313
fprintf_plus(stderr, "Bringing up interface \"%s\"\n",
2314
interface);
2315
}
2316
2317
/* Raise privileges */
2318
ret_errno = raise_privileges();
2319
if(ret_errno != 0){
2320
errno = ret_errno;
2321
perror_plus("Failed to raise privileges");
2322
}
2323
2324
#ifdef __linux__
2325
int ret_linux;
2326
bool restore_loglevel = false;
2327
if(ret_errno == 0){
2328
/* Lower kernel loglevel to KERN_NOTICE to avoid KERN_INFO
2329
messages about the network interface to mess up the prompt */
2330
ret_linux = klogctl(8, NULL, 5);
2331
if(ret_linux == -1){
2332
perror_plus("klogctl");
2333
} else {
2334
restore_loglevel = true;
2335
}
2336
}
2337
#endif /* __linux__ */
2338
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2339
ioctl_errno = errno;
2340
#ifdef __linux__
2341
if(restore_loglevel){
2342
ret_linux = klogctl(7, NULL, 0);
2343
if(ret_linux == -1){
2344
perror_plus("klogctl");
2345
}
2346
}
2347
#endif /* __linux__ */
2348
2349
/* If raise_privileges() succeeded above */
2350
if(ret_errno == 0){
2351
/* Lower privileges */
2352
ret_errno = lower_privileges();
2353
if(ret_errno != 0){
2354
errno = ret_errno;
2355
perror_plus("Failed to lower privileges");
2356
}
2357
}
2358
2359
/* Close the socket */
2360
ret = close(sd);
2361
if(ret == -1){
2362
perror_plus("close");
2363
}
2364
2365
if(ret_setflags == -1){
2366
errno = ioctl_errno;
2367
perror_plus("ioctl SIOCSIFFLAGS +IFF_UP");
2368
errno = old_errno;
2369
return ioctl_errno;
2370
}
2371
} else if(debug){
2372
fprintf_plus(stderr, "Interface \"%s\" is already up; good\n",
2373
interface);
2374
}
2375
2376
/* Sleep checking until interface is running.
2377
Check every 0.25s, up to total time of delay */
2378
for(int i = 0; i < delay * 4; i++){
2379
if(interface_is_running(interface)){
2380
break;
2381
}
2382
struct timespec sleeptime = { .tv_nsec = 250000000 };
2383
ret = nanosleep(&sleeptime, NULL);
2384
if(ret == -1 and errno != EINTR){
2385
perror_plus("nanosleep");
2386
}
2387
}
2388
2389
errno = old_errno;
2390
return 0;
2391
}
2392
2393
__attribute__((nonnull, warn_unused_result))
2394
int take_down_interface(const char *const interface){
2395
int old_errno = errno;
2396
struct ifreq network;
2397
unsigned int if_index = if_nametoindex(interface);
2398
if(if_index == 0){
2399
fprintf_plus(stderr, "No such interface: \"%s\"\n", interface);
2400
errno = old_errno;
2401
return ENXIO;
2402
}
2403
if(interface_is_up(interface)){
2404
int ret_errno = 0;
2405
int ioctl_errno = 0;
2406
if(not get_flags(interface, &network) and debug){
2407
ret_errno = errno;
2408
fprintf_plus(stderr, "Failed to get flags for interface "
2409
"\"%s\"\n", interface);
2410
errno = old_errno;
2411
return ret_errno;
2412
}
2413
network.ifr_flags &= ~(short)IFF_UP; /* clear flag */
2414
2415
int sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
2416
if(sd == -1){
2417
ret_errno = errno;
2418
perror_plus("socket");
2419
errno = old_errno;
2420
return ret_errno;
2421
}
2422
2423
if(debug){
2424
fprintf_plus(stderr, "Taking down interface \"%s\"\n",
2425
interface);
2426
}
2427
2428
/* Raise privileges */
2429
ret_errno = raise_privileges();
2430
if(ret_errno != 0){
2431
errno = ret_errno;
2432
perror_plus("Failed to raise privileges");
2433
}
2434
2435
int ret_setflags = ioctl(sd, SIOCSIFFLAGS, &network);
2436
ioctl_errno = errno;
2437
2438
/* If raise_privileges() succeeded above */
2439
if(ret_errno == 0){
2440
/* Lower privileges */
2441
ret_errno = lower_privileges();
2442
if(ret_errno != 0){
2443
errno = ret_errno;
2444
perror_plus("Failed to lower privileges");
2445
}
2446
}
2447
2448
/* Close the socket */
2449
int ret = close(sd);
2450
if(ret == -1){
2451
perror_plus("close");
2452
}
2453
2454
if(ret_setflags == -1){
2455
errno = ioctl_errno;
2456
perror_plus("ioctl SIOCSIFFLAGS -IFF_UP");
2457
errno = old_errno;
2458
return ioctl_errno;
2459
}
2460
} else if(debug){
2461
fprintf_plus(stderr, "Interface \"%s\" is already down; odd\n",
2462
interface);
2463
}
2464
2465
errno = old_errno;
2466
return 0;
2467
}
748
/* Combines file name and path and returns the malloced new
749
string. some sane checks could/should be added */
750
static char *combinepath(const char *first, const char *second){
751
char *tmp;
752
int ret = asprintf(&tmp, "%s/%s", first, second);
753
if(ret < 0){
754
return NULL;
755
}
756
return tmp;
757
}
758
2468
759
2469
760
int main(int argc, char *argv[]){
2470
mandos_context mc = { .server = NULL, .dh_bits = 0,
2471
#if GNUTLS_VERSION_NUMBER >= 0x030606
2472
.priority = "SECURE128:!CTYPE-X.509"
2473
":+CTYPE-RAWPK:!RSA:!VERS-ALL:+VERS-TLS1.3"
2474
":%PROFILE_ULTRA",
2475
#elif GNUTLS_VERSION_NUMBER < 0x030600
2476
.priority = "SECURE256:!CTYPE-X.509"
2477
":+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256",
2478
#else
2479
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
2480
#endif
2481
.current_server = NULL, .interfaces = NULL,
2482
.interfaces_size = 0 };
2483
AvahiSServiceBrowser *sb = NULL;
2484
error_t ret_errno;
2485
int ret;
2486
intmax_t tmpmax;
2487
char *tmp;
2488
int exitcode = EXIT_SUCCESS;
2489
char *interfaces_to_take_down = NULL;
2490
size_t interfaces_to_take_down_size = 0;
2491
char run_tempdir[] = "/run/tmp/mandosXXXXXX";
2492
char old_tempdir[] = "/tmp/mandosXXXXXX";
2493
char *tempdir = NULL;
2494
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
2495
const char *seckey = PATHDIR "/" SECKEY;
2496
const char *pubkey = PATHDIR "/" PUBKEY;
2497
#if GNUTLS_VERSION_NUMBER >= 0x030606
2498
const char *tls_privkey = PATHDIR "/" TLS_PRIVKEY;
2499
const char *tls_pubkey = PATHDIR "/" TLS_PUBKEY;
2500
#endif
2501
const char *dh_params_file = NULL;
2502
char *interfaces_hooks = NULL;
2503
2504
bool gnutls_initialized = false;
2505
bool gpgme_initialized = false;
2506
float delay = 2.5f;
2507
double retry_interval = 10; /* 10s between trying a server and
2508
retrying the same server again */
2509
2510
struct sigaction old_sigterm_action = { .sa_handler = SIG_DFL };
2511
struct sigaction sigterm_action = { .sa_handler = handle_sigterm };
2512
2513
uid = getuid();
2514
gid = getgid();
2515
2516
/* Lower any group privileges we might have, just to be safe */
2517
errno = 0;
2518
ret = setgid(gid);
2519
if(ret == -1){
2520
perror_plus("setgid");
2521
}
2522
2523
/* Lower user privileges (temporarily) */
2524
errno = 0;
2525
ret = seteuid(uid);
2526
if(ret == -1){
2527
perror_plus("seteuid");
2528
}
2529
2530
if(quit_now){
2531
goto end;
2532
}
2533
2534
{
2535
struct argp_option options[] = {
2536
{ .name = "debug", .key = 128,
2537
.doc = "Debug mode", .group = 3 },
2538
{ .name = "connect", .key = 'c',
2539
.arg = "ADDRESS:PORT",
2540
.doc = "Connect directly to a specific Mandos server",
2541
.group = 1 },
2542
{ .name = "interface", .key = 'i',
2543
.arg = "NAME",
2544
.doc = "Network interface that will be used to search for"
2545
" Mandos servers",
2546
.group = 1 },
2547
{ .name = "seckey", .key = 's',
2548
.arg = "FILE",
2549
.doc = "OpenPGP secret key file base name",
2550
.group = 1 },
2551
{ .name = "pubkey", .key = 'p',
2552
.arg = "FILE",
2553
.doc = "OpenPGP public key file base name",
2554
.group = 1 },
2555
{ .name = "tls-privkey", .key = 't',
2556
.arg = "FILE",
2557
#if GNUTLS_VERSION_NUMBER >= 0x030606
2558
.doc = "TLS private key file base name",
2559
#else
2560
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2561
#endif
2562
.group = 1 },
2563
{ .name = "tls-pubkey", .key = 'T',
2564
.arg = "FILE",
2565
#if GNUTLS_VERSION_NUMBER >= 0x030606
2566
.doc = "TLS public key file base name",
2567
#else
2568
.doc = "Dummy; ignored (requires GnuTLS 3.6.6)",
2569
#endif
2570
.group = 1 },
2571
{ .name = "dh-bits", .key = 129,
2572
.arg = "BITS",
2573
.doc = "Bit length of the prime number used in the"
2574
" Diffie-Hellman key exchange",
2575
.group = 2 },
2576
{ .name = "dh-params", .key = 134,
2577
.arg = "FILE",
2578
.doc = "PEM-encoded PKCS#3 file with pre-generated parameters"
2579
" for the Diffie-Hellman key exchange",
2580
.group = 2 },
2581
{ .name = "priority", .key = 130,
2582
.arg = "STRING",
2583
.doc = "GnuTLS priority string for the TLS handshake",
2584
.group = 1 },
2585
{ .name = "delay", .key = 131,
2586
.arg = "SECONDS",
2587
.doc = "Maximum delay to wait for interface startup",
2588
.group = 2 },
2589
{ .name = "retry", .key = 132,
2590
.arg = "SECONDS",
2591
.doc = "Retry interval used when denied by the Mandos server",
2592
.group = 2 },
2593
{ .name = "network-hook-dir", .key = 133,
2594
.arg = "DIR",
2595
.doc = "Directory where network hooks are located",
2596
.group = 2 },
2597
/*
2598
* These reproduce what we would get without ARGP_NO_HELP
2599
*/
2600
{ .name = "help", .key = '?',
2601
.doc = "Give this help list", .group = -1 },
2602
{ .name = "usage", .key = -3,
2603
.doc = "Give a short usage message", .group = -1 },
2604
{ .name = "version", .key = 'V',
2605
.doc = "Print program version", .group = -1 },
2606
{ .name = NULL }
2607
};
2608
2609
error_t parse_opt(int key, char *arg,
2610
struct argp_state *state){
761
AvahiSServiceBrowser *sb = NULL;
762
int error;
763
int ret;
764
int exitcode = EXIT_SUCCESS;
765
const char *interface = "eth0";
766
struct ifreq network;
767
int sd;
768
uid_t uid;
769
gid_t gid;
770
char *connect_to = NULL;
771
AvahiIfIndex if_index = AVAHI_IF_UNSPEC;
772
char *pubkeyfilename = NULL;
773
char *seckeyfilename = NULL;
774
const char *pubkeyname = "pubkey.txt";
775
const char *seckeyname = "seckey.txt";
776
mandos_context mc = { .simple_poll = NULL, .server = NULL,
777
.dh_bits = 1024, .priority = "SECURE256"};
778
bool gnutls_initalized = false;
779
780
{
781
struct argp_option options[] = {
782
{ .name = "debug", .key = 128,
783
.doc = "Debug mode", .group = 3 },
784
{ .name = "connect", .key = 'c',
785
.arg = "IP",
786
.doc = "Connect directly to a sepcified mandos server",
787
.group = 1 },
788
{ .name = "interface", .key = 'i',
789
.arg = "INTERFACE",
790
.doc = "Interface that Avahi will conntect through",
791
.group = 1 },
792
{ .name = "keydir", .key = 'd',
793
.arg = "KEYDIR",
794
.doc = "Directory where the openpgp keyring is",
795
.group = 1 },
796
{ .name = "seckey", .key = 's',
797
.arg = "SECKEY",
798
.doc = "Secret openpgp key for gnutls authentication",
799
.group = 1 },
800
{ .name = "pubkey", .key = 'p',
801
.arg = "PUBKEY",
802
.doc = "Public openpgp key for gnutls authentication",
803
.group = 2 },
804
{ .name = "dh-bits", .key = 129,
805
.arg = "BITS",
806
.doc = "dh-bits to use in gnutls communication",
807
.group = 2 },
808
{ .name = "priority", .key = 130,
809
.arg = "PRIORITY",
810
.doc = "GNUTLS priority", .group = 1 },
811
{ .name = NULL }
812
};
813
814
815
error_t parse_opt (int key, char *arg,
816
struct argp_state *state) {
817
/* Get the INPUT argument from `argp_parse', which we know is
818
a pointer to our plugin list pointer. */
819
switch (key) {
820
case 128:
821
debug = true;
822
break;
823
case 'c':
824
connect_to = arg;
825
break;
826
case 'i':
827
interface = arg;
828
break;
829
case 'd':
830
keydir = arg;
831
break;
832
case 's':
833
seckeyname = arg;
834
break;
835
case 'p':
836
pubkeyname = arg;
837
break;
838
case 129:
839
errno = 0;
840
mc.dh_bits = (unsigned int) strtol(arg, NULL, 10);
841
if (errno){
842
perror("strtol");
843
exit(EXIT_FAILURE);
844
}
845
break;
846
case 130:
847
mc.priority = arg;
848
break;
849
case ARGP_KEY_ARG:
850
argp_usage (state);
851
case ARGP_KEY_END:
852
break;
853
default:
854
return ARGP_ERR_UNKNOWN;
855
}
856
return 0;
857
}
858
859
struct argp argp = { .options = options, .parser = parse_opt,
860
.args_doc = "",
861
.doc = "Mandos client -- Get and decrypt"
862
" passwords from mandos server" };
863
ret = argp_parse (&argp, argc, argv, 0, 0, NULL);
864
if (ret == ARGP_ERR_UNKNOWN){
865
fprintf(stderr, "Unknown error while parsing arguments\n");
866
exitcode = EXIT_FAILURE;
867
goto end;
868
}
869
}
870
871
pubkeyfilename = combinepath(keydir, pubkeyname);
872
if (pubkeyfilename == NULL){
873
perror("combinepath");
874
exitcode = EXIT_FAILURE;
875
goto end;
876
}
877
878
seckeyfilename = combinepath(keydir, seckeyname);
879
if (seckeyfilename == NULL){
880
perror("combinepath");
881
exitcode = EXIT_FAILURE;
882
goto end;
883
}
884
885
ret = init_gnutls_global(&mc, pubkeyfilename, seckeyfilename);
886
if (ret == -1){
887
fprintf(stderr, "init_gnutls_global failed\n");
888
exitcode = EXIT_FAILURE;
889
goto end;
890
} else {
891
gnutls_initalized = true;
892
}
893
894
/* If the interface is down, bring it up */
895
{
896
sd = socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP);
897
if(sd < 0) {
898
perror("socket");
899
exitcode = EXIT_FAILURE;
900
goto end;
901
}
902
strcpy(network.ifr_name, interface);
903
ret = ioctl(sd, SIOCGIFFLAGS, &network);
904
if(ret == -1){
905
perror("ioctl SIOCGIFFLAGS");
906
exitcode = EXIT_FAILURE;
907
goto end;
908
}
909
if((network.ifr_flags & IFF_UP) == 0){
910
network.ifr_flags |= IFF_UP;
911
ret = ioctl(sd, SIOCSIFFLAGS, &network);
912
if(ret == -1){
913
perror("ioctl SIOCSIFFLAGS");
914
exitcode = EXIT_FAILURE;
915
goto end;
916
}
917
}
918
close(sd);
919
}
920
921
uid = getuid();
922
gid = getgid();
923
924
ret = setuid(uid);
925
if (ret == -1){
926
perror("setuid");
927
}
928
929
setgid(gid);
930
if (ret == -1){
931
perror("setgid");
932
}
933
934
if_index = (AvahiIfIndex) if_nametoindex(interface);
935
if(if_index == 0){
936
fprintf(stderr, "No such interface: \"%s\"\n", interface);
937
exit(EXIT_FAILURE);
938
}
939
940
if(connect_to != NULL){
941
/* Connect directly, do not use Zeroconf */
942
/* (Mainly meant for debugging) */
943
char *address = strrchr(connect_to, ':');
944
if(address == NULL){
945
fprintf(stderr, "No colon in address\n");
946
exitcode = EXIT_FAILURE;
947
goto end;
948
}
2611
949
errno = 0;
2612
switch(key){
2613
case 128: /* --debug */
2614
debug = true;
2615
break;
2616
case 'c': /* --connect */
2617
connect_to = arg;
2618
break;
2619
case 'i': /* --interface */
2620
ret_errno = argz_add_sep(&mc.interfaces, &mc.interfaces_size,
2621
arg, (int)',');
2622
if(ret_errno != 0){
2623
argp_error(state, "%s", strerror(ret_errno));
2624
}
2625
break;
2626
case 's': /* --seckey */
2627
seckey = arg;
2628
break;
2629
case 'p': /* --pubkey */
2630
pubkey = arg;
2631
break;
2632
case 't': /* --tls-privkey */
2633
#if GNUTLS_VERSION_NUMBER >= 0x030606
2634
tls_privkey = arg;
2635
#endif
2636
break;
2637
case 'T': /* --tls-pubkey */
2638
#if GNUTLS_VERSION_NUMBER >= 0x030606
2639
tls_pubkey = arg;
2640
#endif
2641
break;
2642
case 129: /* --dh-bits */
2643
errno = 0;
2644
tmpmax = strtoimax(arg, &tmp, 10);
2645
if(errno != 0 or tmp == arg or *tmp != '\0'
2646
or tmpmax != (typeof(mc.dh_bits))tmpmax){
2647
argp_error(state, "Bad number of DH bits");
2648
}
2649
mc.dh_bits = (typeof(mc.dh_bits))tmpmax;
2650
break;
2651
case 134: /* --dh-params */
2652
dh_params_file = arg;
2653
break;
2654
case 130: /* --priority */
2655
mc.priority = arg;
2656
break;
2657
case 131: /* --delay */
2658
errno = 0;
2659
delay = strtof(arg, &tmp);
2660
if(errno != 0 or tmp == arg or *tmp != '\0'){
2661
argp_error(state, "Bad delay");
2662
}
2663
case 132: /* --retry */
2664
errno = 0;
2665
retry_interval = strtod(arg, &tmp);
2666
if(errno != 0 or tmp == arg or *tmp != '\0'
2667
or (retry_interval * 1000) > INT_MAX
2668
or retry_interval < 0){
2669
argp_error(state, "Bad retry interval");
2670
}
2671
break;
2672
case 133: /* --network-hook-dir */
2673
hookdir = arg;
2674
break;
2675
/*
2676
* These reproduce what we would get without ARGP_NO_HELP
2677
*/
2678
case '?': /* --help */
2679
argp_state_help(state, state->out_stream,
2680
(ARGP_HELP_STD_HELP | ARGP_HELP_EXIT_ERR)
2681
& ~(unsigned int)ARGP_HELP_EXIT_OK);
2682
__builtin_unreachable();
2683
case -3: /* --usage */
2684
argp_state_help(state, state->out_stream,
2685
ARGP_HELP_USAGE | ARGP_HELP_EXIT_ERR);
2686
__builtin_unreachable();
2687
case 'V': /* --version */
2688
fprintf_plus(state->out_stream, "%s\n", argp_program_version);
2689
exit(argp_err_exit_status);
2690
break;
2691
default:
2692
return ARGP_ERR_UNKNOWN;
2693
}
2694
return errno;
2695
}
2696
2697
struct argp argp = { .options = options, .parser = parse_opt,
2698
.args_doc = "",
2699
.doc = "Mandos client -- Get and decrypt"
2700
" passwords from a Mandos server" };
2701
ret_errno = argp_parse(&argp, argc, argv,
2702
ARGP_IN_ORDER | ARGP_NO_HELP, 0, NULL);
2703
switch(ret_errno){
2704
case 0:
2705
break;
2706
case ENOMEM:
2707
default:
2708
errno = ret_errno;
2709
perror_plus("argp_parse");
2710
exitcode = EX_OSERR;
2711
goto end;
2712
case EINVAL:
2713
exitcode = EX_USAGE;
2714
goto end;
2715
}
2716
}
2717
2718
{
2719
/* Work around Debian bug #633582:
2720
<https://bugs.debian.org/633582> */
2721
2722
/* Re-raise privileges */
2723
ret = raise_privileges();
2724
if(ret != 0){
2725
errno = ret;
2726
perror_plus("Failed to raise privileges");
2727
} else {
2728
struct stat st;
2729
2730
if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
2731
int seckey_fd = open(seckey, O_RDONLY);
2732
if(seckey_fd == -1){
2733
perror_plus("open");
2734
} else {
2735
ret = (int)TEMP_FAILURE_RETRY(fstat(seckey_fd, &st));
2736
if(ret == -1){
2737
perror_plus("fstat");
2738
} else {
2739
if(S_ISREG(st.st_mode)
2740
and st.st_uid == 0 and st.st_gid == 0){
2741
ret = fchown(seckey_fd, uid, gid);
2742
if(ret == -1){
2743
perror_plus("fchown");
2744
}
2745
}
2746
}
2747
close(seckey_fd);
2748
}
2749
}
2750
2751
if(strcmp(pubkey, PATHDIR "/" PUBKEY) == 0){
2752
int pubkey_fd = open(pubkey, O_RDONLY);
2753
if(pubkey_fd == -1){
2754
perror_plus("open");
2755
} else {
2756
ret = (int)TEMP_FAILURE_RETRY(fstat(pubkey_fd, &st));
2757
if(ret == -1){
2758
perror_plus("fstat");
2759
} else {
2760
if(S_ISREG(st.st_mode)
2761
and st.st_uid == 0 and st.st_gid == 0){
2762
ret = fchown(pubkey_fd, uid, gid);
2763
if(ret == -1){
2764
perror_plus("fchown");
2765
}
2766
}
2767
}
2768
close(pubkey_fd);
2769
}
2770
}
2771
2772
if(dh_params_file != NULL
2773
and strcmp(dh_params_file, PATHDIR "/dhparams.pem" ) == 0){
2774
int dhparams_fd = open(dh_params_file, O_RDONLY);
2775
if(dhparams_fd == -1){
2776
perror_plus("open");
2777
} else {
2778
ret = (int)TEMP_FAILURE_RETRY(fstat(dhparams_fd, &st));
2779
if(ret == -1){
2780
perror_plus("fstat");
2781
} else {
2782
if(S_ISREG(st.st_mode)
2783
and st.st_uid == 0 and st.st_gid == 0){
2784
ret = fchown(dhparams_fd, uid, gid);
2785
if(ret == -1){
2786
perror_plus("fchown");
2787
}
2788
}
2789
}
2790
close(dhparams_fd);
2791
}
2792
}
2793
2794
/* Lower privileges */
2795
ret = lower_privileges();
2796
if(ret != 0){
2797
errno = ret;
2798
perror_plus("Failed to lower privileges");
2799
}
2800
}
2801
}
2802
2803
/* Remove invalid interface names (except "none") */
2804
{
2805
char *interface = NULL;
2806
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2807
interface))){
2808
if(strcmp(interface, "none") != 0
2809
and if_nametoindex(interface) == 0){
2810
if(interface[0] != '\0'){
2811
fprintf_plus(stderr, "Not using nonexisting interface"
2812
" \"%s\"\n", interface);
2813
}
2814
argz_delete(&mc.interfaces, &mc.interfaces_size, interface);
2815
interface = NULL;
2816
}
2817
}
2818
}
2819
2820
/* Run network hooks */
2821
{
2822
if(mc.interfaces != NULL){
2823
interfaces_hooks = malloc(mc.interfaces_size);
2824
if(interfaces_hooks == NULL){
2825
perror_plus("malloc");
950
uint16_t port = (uint16_t) strtol(address+1, NULL, 10);
951
if(errno){
952
perror("Bad port number");
953
exitcode = EXIT_FAILURE;
2826
954
goto end;
2827
955
}
2828
memcpy(interfaces_hooks, mc.interfaces, mc.interfaces_size);
2829
argz_stringify(interfaces_hooks, mc.interfaces_size, (int)',');
2830
}
2831
run_network_hooks("start", interfaces_hooks != NULL ?
2832
interfaces_hooks : "", delay);
2833
}
2834
2835
if(not debug){
2836
avahi_set_log_function(empty_log);
2837
}
2838
2839
/* Initialize Avahi early so avahi_simple_poll_quit() can be called
2840
from the signal handler */
2841
/* Initialize the pseudo-RNG for Avahi */
2842
srand((unsigned int) time(NULL));
2843
simple_poll = avahi_simple_poll_new();
2844
if(simple_poll == NULL){
2845
fprintf_plus(stderr,
2846
"Avahi: Failed to create simple poll object.\n");
2847
exitcode = EX_UNAVAILABLE;
2848
goto end;
2849
}
2850
2851
sigemptyset(&sigterm_action.sa_mask);
2852
ret = sigaddset(&sigterm_action.sa_mask, SIGINT);
2853
if(ret == -1){
2854
perror_plus("sigaddset");
2855
exitcode = EX_OSERR;
2856
goto end;
2857
}
2858
ret = sigaddset(&sigterm_action.sa_mask, SIGHUP);
2859
if(ret == -1){
2860
perror_plus("sigaddset");
2861
exitcode = EX_OSERR;
2862
goto end;
2863
}
2864
ret = sigaddset(&sigterm_action.sa_mask, SIGTERM);
2865
if(ret == -1){
2866
perror_plus("sigaddset");
2867
exitcode = EX_OSERR;
2868
goto end;
2869
}
2870
/* Need to check if the handler is SIG_IGN before handling:
2871
| [[info:libc:Initial Signal Actions]] |
2872
| [[info:libc:Basic Signal Handling]] |
2873
*/
2874
ret = sigaction(SIGINT, NULL, &old_sigterm_action);
2875
if(ret == -1){
2876
perror_plus("sigaction");
2877
return EX_OSERR;
2878
}
2879
if(old_sigterm_action.sa_handler != SIG_IGN){
2880
ret = sigaction(SIGINT, &sigterm_action, NULL);
2881
if(ret == -1){
2882
perror_plus("sigaction");
2883
exitcode = EX_OSERR;
2884
goto end;
2885
}
2886
}
2887
ret = sigaction(SIGHUP, NULL, &old_sigterm_action);
2888
if(ret == -1){
2889
perror_plus("sigaction");
2890
return EX_OSERR;
2891
}
2892
if(old_sigterm_action.sa_handler != SIG_IGN){
2893
ret = sigaction(SIGHUP, &sigterm_action, NULL);
2894
if(ret == -1){
2895
perror_plus("sigaction");
2896
exitcode = EX_OSERR;
2897
goto end;
2898
}
2899
}
2900
ret = sigaction(SIGTERM, NULL, &old_sigterm_action);
2901
if(ret == -1){
2902
perror_plus("sigaction");
2903
return EX_OSERR;
2904
}
2905
if(old_sigterm_action.sa_handler != SIG_IGN){
2906
ret = sigaction(SIGTERM, &sigterm_action, NULL);
2907
if(ret == -1){
2908
perror_plus("sigaction");
2909
exitcode = EX_OSERR;
2910
goto end;
2911
}
2912
}
2913
2914
/* If no interfaces were specified, make a list */
2915
if(mc.interfaces == NULL){
2916
struct dirent **direntries = NULL;
2917
/* Look for any good interfaces */
2918
ret = scandir(sys_class_net, &direntries, good_interface,
2919
alphasort);
2920
if(ret >= 1){
2921
/* Add all found interfaces to interfaces list */
2922
for(int i = 0; i < ret; ++i){
2923
ret_errno = argz_add(&mc.interfaces, &mc.interfaces_size,
2924
direntries[i]->d_name);
2925
if(ret_errno != 0){
2926
errno = ret_errno;
2927
perror_plus("argz_add");
2928
free(direntries[i]);
2929
continue;
2930
}
2931
if(debug){
2932
fprintf_plus(stderr, "Will use interface \"%s\"\n",
2933
direntries[i]->d_name);
2934
}
2935
free(direntries[i]);
2936
}
2937
free(direntries);
2938
} else {
2939
if(ret == 0){
2940
free(direntries);
2941
}
2942
fprintf_plus(stderr, "Could not find a network interface\n");
2943
exitcode = EXIT_FAILURE;
2944
goto end;
2945
}
2946
}
2947
2948
/* Bring up interfaces which are down, and remove any "none"s */
2949
{
2950
char *interface = NULL;
2951
while((interface = argz_next(mc.interfaces, mc.interfaces_size,
2952
interface))){
2953
/* If interface name is "none", stop bringing up interfaces.
2954
Also remove all instances of "none" from the list */
2955
if(strcmp(interface, "none") == 0){
2956
argz_delete(&mc.interfaces, &mc.interfaces_size,
2957
interface);
2958
interface = NULL;
2959
while((interface = argz_next(mc.interfaces,
2960
mc.interfaces_size, interface))){
2961
if(strcmp(interface, "none") == 0){
2962
argz_delete(&mc.interfaces, &mc.interfaces_size,
2963
interface);
2964
interface = NULL;
2965
}
2966
}
2967
break;
2968
}
2969
bool interface_was_up = interface_is_up(interface);
2970
errno = bring_up_interface(interface, delay);
2971
if(not interface_was_up){
2972
if(errno != 0){
2973
fprintf_plus(stderr, "Failed to bring up interface \"%s\":"
2974
" %s\n", interface, strerror(errno));
2975
} else {
2976
errno = argz_add(&interfaces_to_take_down,
2977
&interfaces_to_take_down_size,
2978
interface);
2979
if(errno != 0){
2980
perror_plus("argz_add");
2981
}
2982
}
2983
}
2984
}
2985
if(debug and (interfaces_to_take_down == NULL)){
2986
fprintf_plus(stderr, "No interfaces were brought up\n");
2987
}
2988
}
2989
2990
/* If we only got one interface, explicitly use only that one */
2991
if(argz_count(mc.interfaces, mc.interfaces_size) == 1){
2992
if(debug){
2993
fprintf_plus(stderr, "Using only interface \"%s\"\n",
2994
mc.interfaces);
2995
}
2996
if_index = (AvahiIfIndex)if_nametoindex(mc.interfaces);
2997
}
2998
2999
if(quit_now){
3000
goto end;
3001
}
3002
3003
#if GNUTLS_VERSION_NUMBER >= 0x030606
3004
ret = init_gnutls_global(tls_pubkey, tls_privkey, dh_params_file, &mc);
3005
#elif GNUTLS_VERSION_NUMBER < 0x030600
3006
ret = init_gnutls_global(pubkey, seckey, dh_params_file, &mc);
3007
#else
3008
#error "Needs GnuTLS 3.6.6 or later, or before 3.6.0"
3009
#endif
3010
if(ret == -1){
3011
fprintf_plus(stderr, "init_gnutls_global failed\n");
3012
exitcode = EX_UNAVAILABLE;
3013
goto end;
3014
} else {
3015
gnutls_initialized = true;
3016
}
3017
3018
if(quit_now){
3019
goto end;
3020
}
3021
3022
/* Try /run/tmp before /tmp */
3023
tempdir = mkdtemp(run_tempdir);
3024
if(tempdir == NULL and errno == ENOENT){
3025
if(debug){
3026
fprintf_plus(stderr, "Tempdir %s did not work, trying %s\n",
3027
run_tempdir, old_tempdir);
3028
}
3029
tempdir = mkdtemp(old_tempdir);
3030
}
3031
if(tempdir == NULL){
3032
perror_plus("mkdtemp");
3033
goto end;
3034
}
3035
3036
if(quit_now){
3037
goto end;
3038
}
3039
3040
if(not init_gpgme(pubkey, seckey, tempdir, &mc)){
3041
fprintf_plus(stderr, "init_gpgme failed\n");
3042
exitcode = EX_UNAVAILABLE;
3043
goto end;
3044
} else {
3045
gpgme_initialized = true;
3046
}
3047
3048
if(quit_now){
3049
goto end;
3050
}
3051
3052
if(connect_to != NULL){
3053
/* Connect directly, do not use Zeroconf */
3054
/* (Mainly meant for debugging) */
3055
char *address = strrchr(connect_to, ':');
3056
3057
if(address == NULL){
3058
fprintf_plus(stderr, "No colon in address\n");
3059
exitcode = EX_USAGE;
3060
goto end;
3061
}
3062
3063
if(quit_now){
3064
goto end;
3065
}
3066
3067
in_port_t port;
3068
errno = 0;
3069
tmpmax = strtoimax(address+1, &tmp, 10);
3070
if(errno != 0 or tmp == address+1 or *tmp != '\0'
3071
or tmpmax != (in_port_t)tmpmax){
3072
fprintf_plus(stderr, "Bad port number\n");
3073
exitcode = EX_USAGE;
3074
goto end;
3075
}
3076
3077
if(quit_now){
3078
goto end;
3079
}
3080
3081
port = (in_port_t)tmpmax;
3082
*address = '\0';
3083
/* Colon in address indicates IPv6 */
3084
int af;
3085
if(strchr(connect_to, ':') != NULL){
3086
af = AF_INET6;
3087
/* Accept [] around IPv6 address - see RFC 5952 */
3088
if(connect_to[0] == '[' and address[-1] == ']')
3089
{
3090
connect_to++;
3091
address[-1] = '\0';
3092
}
3093
} else {
3094
af = AF_INET;
3095
}
3096
address = connect_to;
3097
3098
if(quit_now){
3099
goto end;
3100
}
3101
3102
while(not quit_now){
3103
ret = start_mandos_communication(address, port, if_index, af,
3104
&mc);
3105
if(quit_now or ret == 0){
3106
break;
3107
}
3108
if(debug){
3109
fprintf_plus(stderr, "Retrying in %d seconds\n",
3110
(int)retry_interval);
3111
}
3112
sleep((unsigned int)retry_interval);
3113
}
3114
3115
if(not quit_now){
3116
exitcode = EXIT_SUCCESS;
3117
}
3118
3119
goto end;
3120
}
3121
3122
if(quit_now){
3123
goto end;
3124
}
3125
3126
{
3127
AvahiServerConfig config;
3128
/* Do not publish any local Zeroconf records */
3129
avahi_server_config_init(&config);
3130
config.publish_hinfo = 0;
3131
config.publish_addresses = 0;
3132
config.publish_workstation = 0;
3133
config.publish_domain = 0;
3134
3135
/* Allocate a new server */
3136
mc.server = avahi_server_new(avahi_simple_poll_get(simple_poll),
3137
&config, NULL, NULL, &ret);
3138
3139
/* Free the Avahi configuration data */
3140
avahi_server_config_free(&config);
3141
}
3142
3143
/* Check if creating the Avahi server object succeeded */
3144
if(mc.server == NULL){
3145
fprintf_plus(stderr, "Failed to create Avahi server: %s\n",
3146
avahi_strerror(ret));
3147
exitcode = EX_UNAVAILABLE;
3148
goto end;
3149
}
3150
3151
if(quit_now){
3152
goto end;
3153
}
3154
3155
/* Create the Avahi service browser */
3156
sb = avahi_s_service_browser_new(mc.server, if_index,
3157
AVAHI_PROTO_UNSPEC, "_mandos._tcp",
3158
NULL, 0, browse_callback,
3159
(void *)&mc);
3160
if(sb == NULL){
3161
fprintf_plus(stderr, "Failed to create service browser: %s\n",
3162
avahi_strerror(avahi_server_errno(mc.server)));
3163
exitcode = EX_UNAVAILABLE;
3164
goto end;
3165
}
3166
3167
if(quit_now){
3168
goto end;
3169
}
3170
3171
/* Run the main loop */
3172
3173
if(debug){
3174
fprintf_plus(stderr, "Starting Avahi loop search\n");
3175
}
3176
3177
ret = avahi_loop_with_timeout(simple_poll,
3178
(int)(retry_interval * 1000), &mc);
3179
if(debug){
3180
fprintf_plus(stderr, "avahi_loop_with_timeout exited %s\n",
3181
(ret == 0) ? "successfully" : "with error");
3182
}
3183
956
*address = '\0';
957
address = connect_to;
958
ret = start_mandos_communication(address, port, if_index, &mc);
959
if(ret < 0){
960
exitcode = EXIT_FAILURE;
961
} else {
962
exitcode = EXIT_SUCCESS;
963
}
964
goto end;
965
}
966
967
if (not debug){
968
avahi_set_log_function(empty_log);
969
}
970
971
/* Initialize the pseudo-RNG for Avahi */
972
srand((unsigned int) time(NULL));
973
974
/* Allocate main Avahi loop object */
975
mc.simple_poll = avahi_simple_poll_new();
976
if (mc.simple_poll == NULL) {
977
fprintf(stderr, "Avahi: Failed to create simple poll"
978
" object.\n");
979
exitcode = EXIT_FAILURE;
980
goto end;
981
}
982
983
{
984
AvahiServerConfig config;
985
/* Do not publish any local Zeroconf records */
986
avahi_server_config_init(&config);
987
config.publish_hinfo = 0;
988
config.publish_addresses = 0;
989
config.publish_workstation = 0;
990
config.publish_domain = 0;
991
992
/* Allocate a new server */
993
mc.server = avahi_server_new(avahi_simple_poll_get
994
(mc.simple_poll), &config, NULL,
995
NULL, &error);
996
997
/* Free the Avahi configuration data */
998
avahi_server_config_free(&config);
999
}
1000
1001
/* Check if creating the Avahi server object succeeded */
1002
if (mc.server == NULL) {
1003
fprintf(stderr, "Failed to create Avahi server: %s\n",
1004
avahi_strerror(error));
1005
exitcode = EXIT_FAILURE;
1006
goto end;
1007
}
1008
1009
/* Create the Avahi service browser */
1010
sb = avahi_s_service_browser_new(mc.server, if_index,
1011
AVAHI_PROTO_INET6,
1012
"_mandos._tcp", NULL, 0,
1013
browse_callback, &mc);
1014
if (sb == NULL) {
1015
fprintf(stderr, "Failed to create service browser: %s\n",
1016
avahi_strerror(avahi_server_errno(mc.server)));
1017
exitcode = EXIT_FAILURE;
1018
goto end;
1019
}
1020
1021
/* Run the main loop */
1022
1023
if (debug){
1024
fprintf(stderr, "Starting Avahi loop search\n");
1025
}
1026
1027
avahi_simple_poll_loop(mc.simple_poll);
1028
3184
1029
end:
3185
3186
if(debug){
3187
if(signal_received){
3188
fprintf_plus(stderr, "%s exiting due to signal %d: %s\n",
3189
argv[0], signal_received,
3190
strsignal(signal_received));
3191
} else {
3192
fprintf_plus(stderr, "%s exiting\n", argv[0]);
3193
}
3194
}
3195
3196
/* Cleanup things */
3197
free(mc.interfaces);
3198
3199
if(sb != NULL)
3200
avahi_s_service_browser_free(sb);
3201
3202
if(mc.server != NULL)
3203
avahi_server_free(mc.server);
3204
3205
if(simple_poll != NULL)
3206
avahi_simple_poll_free(simple_poll);
3207
3208
if(gnutls_initialized){
3209
gnutls_certificate_free_credentials(mc.cred);
3210
gnutls_dh_params_deinit(mc.dh_params);
3211
}
3212
3213
if(gpgme_initialized){
3214
gpgme_release(mc.ctx);
3215
}
3216
3217
/* Cleans up the circular linked list of Mandos servers the client
3218
has seen */
3219
if(mc.current_server != NULL){
3220
mc.current_server->prev->next = NULL;
3221
while(mc.current_server != NULL){
3222
server *next = mc.current_server->next;
3223
#ifdef __GNUC__
3224
#pragma GCC diagnostic push
3225
#pragma GCC diagnostic ignored "-Wcast-qual"
3226
#endif
3227
free((char *)(mc.current_server->ip));
3228
#ifdef __GNUC__
3229
#pragma GCC diagnostic pop
3230
#endif
3231
free(mc.current_server);
3232
mc.current_server = next;
3233
}
3234
}
3235
3236
/* Re-raise privileges */
3237
{
3238
ret = raise_privileges();
3239
if(ret != 0){
3240
errno = ret;
3241
perror_plus("Failed to raise privileges");
3242
} else {
3243
3244
/* Run network hooks */
3245
run_network_hooks("stop", interfaces_hooks != NULL ?
3246
interfaces_hooks : "", delay);
3247
3248
/* Take down the network interfaces which were brought up */
3249
{
3250
char *interface = NULL;
3251
while((interface = argz_next(interfaces_to_take_down,
3252
interfaces_to_take_down_size,
3253
interface))){
3254
ret = take_down_interface(interface);
3255
if(ret != 0){
3256
errno = ret;
3257
perror_plus("Failed to take down interface");
3258
}
3259
}
3260
if(debug and (interfaces_to_take_down == NULL)){
3261
fprintf_plus(stderr, "No interfaces needed to be taken"
3262
" down\n");
3263
}
3264
}
3265
}
3266
3267
ret = lower_privileges_permanently();
3268
if(ret != 0){
3269
errno = ret;
3270
perror_plus("Failed to lower privileges permanently");
3271
}
3272
}
3273
3274
free(interfaces_to_take_down);
3275
free(interfaces_hooks);
3276
3277
void clean_dir_at(int base, const char * const dirname,
3278
uintmax_t level){
3279
struct dirent **direntries = NULL;
3280
int dret;
3281
int dir_fd = (int)TEMP_FAILURE_RETRY(openat(base, dirname,
3282
O_RDONLY
3283
| O_NOFOLLOW
3284
| O_DIRECTORY
3285
| O_PATH));
3286
if(dir_fd == -1){
3287
perror_plus("open");
3288
return;
3289
}
3290
int numentries = scandirat(dir_fd, ".", &direntries,
3291
notdotentries, alphasort);
3292
if(numentries >= 0){
3293
for(int i = 0; i < numentries; i++){
3294
if(debug){
3295
fprintf_plus(stderr, "Unlinking \"%s/%s\"\n",
3296
dirname, direntries[i]->d_name);
3297
}
3298
dret = unlinkat(dir_fd, direntries[i]->d_name, 0);
3299
if(dret == -1){
3300
if(errno == EISDIR){
3301
dret = unlinkat(dir_fd, direntries[i]->d_name,
3302
AT_REMOVEDIR);
3303
}
3304
if((dret == -1) and (errno == ENOTEMPTY)
3305
and (strcmp(direntries[i]->d_name, "private-keys-v1.d")
3306
== 0) and (level == 0)){
3307
/* Recurse only in this special case */
3308
clean_dir_at(dir_fd, direntries[i]->d_name, level+1);
3309
dret = 0;
3310
}
3311
if((dret == -1) and (errno != ENOENT)){
3312
fprintf_plus(stderr, "unlink(\"%s/%s\"): %s\n", dirname,
3313
direntries[i]->d_name, strerror(errno));
3314
}
3315
}
3316
free(direntries[i]);
3317
}
3318
3319
/* need to clean even if 0 because man page doesn't specify */
3320
free(direntries);
3321
dret = unlinkat(base, dirname, AT_REMOVEDIR);
3322
if(dret == -1 and errno != ENOENT){
3323
perror_plus("rmdir");
3324
}
3325
} else {
3326
perror_plus("scandirat");
3327
}
3328
close(dir_fd);
3329
}
3330
3331
/* Removes the GPGME temp directory and all files inside */
3332
if(tempdir != NULL){
3333
clean_dir_at(-1, tempdir, 0);
3334
}
3335
3336
if(quit_now){
3337
sigemptyset(&old_sigterm_action.sa_mask);
3338
old_sigterm_action.sa_handler = SIG_DFL;
3339
ret = (int)TEMP_FAILURE_RETRY(sigaction(signal_received,
3340
&old_sigterm_action,
3341
NULL));
3342
if(ret == -1){
3343
perror_plus("sigaction");
3344
}
3345
do {
3346
ret = raise(signal_received);
3347
} while(ret != 0 and errno == EINTR);
3348
if(ret != 0){
3349
perror_plus("raise");
3350
abort();
3351
}
3352
TEMP_FAILURE_RETRY(pause());
3353
}
3354
3355
return exitcode;
1030
1031
if (debug){
1032
fprintf(stderr, "%s exiting\n", argv[0]);
1033
}
1034
1035
/* Cleanup things */
1036
if (sb != NULL)
1037
avahi_s_service_browser_free(sb);
1038
1039
if (mc.server != NULL)
1040
avahi_server_free(mc.server);
1041
1042
if (mc.simple_poll != NULL)
1043
avahi_simple_poll_free(mc.simple_poll);
1044
free(pubkeyfilename);
1045
free(seckeyfilename);
1046
1047
if (gnutls_initalized){
1048
gnutls_certificate_free_credentials(mc.cred);
1049
gnutls_global_deinit ();
1050
}
1051
1052
return exitcode;
3356
1053
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0